Edit tour

Windows Analysis Report
http://matamask-usaklog.godaddysites.com/

Overview

General Information

Sample URL:	http://matamask-usaklog.godaddysites.com/
Analysis ID:	1589361
Infos:

Detection

HTMLPhisher

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Yara detected HtmlPhish64

AI detected suspicious URL

Detected non-DNS traffic on DNS port

HTML title does not match URL

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2120 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4504 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 --field-trial-handle=2360,i,239639153470750848,14560464751290221293,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://matamask-usaklog.godaddysites.com/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
1.1.pages.csv	JoeSecurity_HtmlPhish_64	Yara detected HtmlPhish_64	Joe Security
1.0.pages.csv	JoeSecurity_HtmlPhish_64	Yara detected HtmlPhish_64	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://matamask-usaklog.godaddysites.com/

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://matamask-usaklog.godaddysites.com/manifest.webmanifest	Avira URL Cloud: Label: phishing
Source: https://matamask-usaklog.godaddysites.com/blog/f.atom	Avira URL Cloud: Label: phishing
Source: https://matamask-usaklog.godaddysites.com/f.atom	Avira URL Cloud: Label: phishing
Source: https://matamask-usaklog.godaddysites.com/f.rss	Avira URL Cloud: Label: phishing
Source: https://matamask-usaklog.godaddysites.com/sw.js	Avira URL Cloud: Label: phishing
Source: https://matamask-usaklog.godaddysites.com/about	Avira URL Cloud: Label: phishing
Source: https://matamask-usaklog.godaddysites.com/lookbook	Avira URL Cloud: Label: phishing
Source: https://matamask-usaklog.godaddysites.com/404	Avira URL Cloud: Label: phishing
Source: https://matamask-usaklog.godaddysites.com/blog/f.json	Avira URL Cloud: Label: phishing
Source: https://matamask-usaklog.godaddysites.com/blog	Avira URL Cloud: Label: phishing
Source: https://matamask-usaklog.godaddysites.com/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://matamask-usaklog.godaddysites.com/terms-and-conditions	Avira URL Cloud: Label: phishing
Source: https://matamask-usaklog.godaddysites.com/privacy-policy	Avira URL Cloud: Label: phishing
Source: https://matamask-usaklog.godaddysites.com/blog/f.rss	Avira URL Cloud: Label: phishing
Source: https://matamask-usaklog.godaddysites.com/f.json	Avira URL Cloud: Label: phishing

Phishing

AI detected phishing page

Source: https://matamask-usaklog.godaddysites.com/

Joe Sandbox AI: Score: 9 Reasons: The brand 'Metamask' is known and its legitimate domain is 'metamask.io'., The URL 'matamask-usaklog.godaddysites.com' does not match the legitimate domain., The URL contains a misspelling of 'Metamask' as 'matamask', which is a common phishing tactic., The use of 'godaddysites.com' as a domain host is suspicious for a known brand like Metamask, which typically uses its own domain., The presence of extra words and hyphens in the URL is indicative of phishing. DOM: 1.0.pages.csv

Yara detected HtmlPhish64

Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: 1.0.pages.csv, type: HTML

AI detected suspicious URL

Source: URL	Joe Sandbox AI: AI detected Brand spoofing attempt in URL: http://matamask-usaklog.godaddysites.com
Source: URL	Joe Sandbox AI: AI detected Typosquatting in URL: http://matamask-usaklog.godaddysites.com

Source: https://matamask-usaklog.godaddysites.com/

HTTP Parser: Title: MetMask | Login does not match URL

Source: https://matamask-usaklog.godaddysites.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://matamask-usaklog.godaddysites.com/	HTTP Parser: No <meta name="copyright".. found

Source: global traffic

TCP traffic: 192.168.2.4:53542 -> 162.159.36.2:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: matamask-usaklog.godaddysites.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: dps_site_id=us-east-1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: matamask-usaklog.godaddysites.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://matamask-usaklog.godaddysites.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: dps_site_id=us-east-1
Source: global traffic	HTTP traffic detected: GET /sw.js HTTP/1.1Host: matamask-usaklog.godaddysites.comConnection: keep-aliveCache-Control: max-age=0Accept: /Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://matamask-usaklog.godaddysites.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: dps_site_id=us-east-1
Source: global traffic	HTTP traffic detected: GET /manifest.webmanifest HTTP/1.1Host: matamask-usaklog.godaddysites.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://matamask-usaklog.godaddysites.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /privacy-policy HTTP/1.1Host: matamask-usaklog.godaddysites.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://matamask-usaklog.godaddysites.com/sw.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: dps_site_id=us-east-1
Source: global traffic	HTTP traffic detected: GET /about HTTP/1.1Host: matamask-usaklog.godaddysites.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://matamask-usaklog.godaddysites.com/sw.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: dps_site_id=us-east-1
Source: global traffic	HTTP traffic detected: GET /blog HTTP/1.1Host: matamask-usaklog.godaddysites.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://matamask-usaklog.godaddysites.com/sw.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: dps_site_id=us-east-1
Source: global traffic	HTTP traffic detected: GET /terms-and-conditions HTTP/1.1Host: matamask-usaklog.godaddysites.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://matamask-usaklog.godaddysites.com/sw.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: dps_site_id=us-east-1
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: matamask-usaklog.godaddysites.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://matamask-usaklog.godaddysites.com/sw.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: dps_site_id=us-east-1
Source: global traffic	HTTP traffic detected: GET /lookbook HTTP/1.1Host: matamask-usaklog.godaddysites.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://matamask-usaklog.godaddysites.com/sw.jsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: dps_site_id=us-east-1
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: matamask-usaklog.godaddysites.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: matamask-usaklog.godaddysites.com
Source: global traffic	DNS traffic detected: DNS query: img1.wsimg.com
Source: global traffic	DNS traffic detected: DNS query: isteam.wsimg.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundLink: <//img1.wsimg.com/ceph-p3-01/website-builder-data-prod/static/widgets/UX.4.28.12.js>; rel=preload; as=script; crossorigin,<https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/lora/v35/0QIhMX1D_JOuMw_LIftL.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/lora/v35/0QIvMX1D_JOuMwr7Iw.woff2>; rel=preload; as=font; crossorigin,<https://fonts.googleapis.com>; rel=preconnect; crossorigin,<https://fonts.gstatic.com>; rel=preconnect; crossorigin,<https://img1.wsimg.com>; rel=preconnect; crossorigin,<https://isteam.wsimg.com>; rel=preconnect; crossoriginCache-Control: max-age=30Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.comStrict-Transport-Security: max-age=63072000; includeSubDomains; preloadContent-Type: text/html;charset=utf-8Vary: Accept-EncodingServer: DPS/2.0.0+sha-fcac51dX-Version: fcac51dX-SiteId: us-east-1Set-Cookie: dps_site_id=us-east-1; path=/; secureDate: Sun, 12 Jan 2025 00:44:12 GMTConnection: closeTransfer-Encoding: chunked

Source: chromecache_145.2.dr, chromecache_110.2.dr	String found in binary or memory: http://foodnetwork.tumblr.com/rss
Source: chromecache_109.2.dr, chromecache_154.2.dr, chromecache_153.2.dr, chromecache_113.2.dr	String found in binary or memory: http://jedwatson.github.io/classnames
Source: chromecache_140.2.dr, chromecache_134.2.dr, chromecache_122.2.dr, chromecache_164.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	String found in binary or memory: http://scripts.sil.org/OFL
Source: chromecache_137.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lora/v35/0QIhMX1D_JOuMw_LIftL.woff2)
Source: chromecache_137.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lora/v35/0QIhMX1D_JOuMw_LJftLp_A.woff2)
Source: chromecache_137.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lora/v35/0QIhMX1D_JOuMw_LLPtLp_A.woff2)
Source: chromecache_137.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lora/v35/0QIhMX1D_JOuMw_LL_tLp_A.woff2)
Source: chromecache_137.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lora/v35/0QIhMX1D_JOuMw_LLvtLp_A.woff2)
Source: chromecache_137.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lora/v35/0QIhMX1D_JOuMw_LT_tLp_A.woff2)
Source: chromecache_137.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lora/v35/0QIhMX1D_JOuMw_LXftLp_A.woff2)
Source: chromecache_137.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lora/v35/0QIvMX1D_JOuM2T7I-NP.woff2)
Source: chromecache_137.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lora/v35/0QIvMX1D_JOuM3b7I-NP.woff2)
Source: chromecache_137.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lora/v35/0QIvMX1D_JOuMw77I-NP.woff2)
Source: chromecache_137.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lora/v35/0QIvMX1D_JOuMwT7I-NP.woff2)
Source: chromecache_137.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lora/v35/0QIvMX1D_JOuMwX7I-NP.woff2)
Source: chromecache_137.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lora/v35/0QIvMX1D_JOuMwf7I-NP.woff2)
Source: chromecache_137.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lora/v35/0QIvMX1D_JOuMwr7Iw.woff2)
Source: chromecache_93.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTLYgFE_.woff2)
Source: chromecache_93.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTPYgFE_.woff2)
Source: chromecache_93.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTjYgFE_.woff2)
Source: chromecache_93.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2)
Source: chromecache_140.2.dr, chromecache_134.2.dr, chromecache_122.2.dr, chromecache_164.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	String found in binary or memory: https://github.com/clauseggers/Playfair-Display)
Source: chromecache_140.2.dr, chromecache_134.2.dr, chromecache_122.2.dr, chromecache_164.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	String found in binary or memory: https://github.com/cyrealtype/Lora-Cyrillic)
Source: chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	String found in binary or memory: https://img1.wsimg.com/gfonts/s/lora/v35/0QIhMX1D_JOuMw_LIftL.woff2)
Source: chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	String found in binary or memory: https://img1.wsimg.com/gfonts/s/lora/v35/0QIhMX1D_JOuMw_LJftLp_A.woff2)
Source: chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	String found in binary or memory: https://img1.wsimg.com/gfonts/s/lora/v35/0QIhMX1D_JOuMw_LLPtLp_A.woff2)
Source: chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	String found in binary or memory: https://img1.wsimg.com/gfonts/s/lora/v35/0QIhMX1D_JOuMw_LL_tLp_A.woff2)
Source: chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	String found in binary or memory: https://img1.wsimg.com/gfonts/s/lora/v35/0QIhMX1D_JOuMw_LLvtLp_A.woff2)
Source: chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	String found in binary or memory: https://img1.wsimg.com/gfonts/s/lora/v35/0QIhMX1D_JOuMw_LT_tLp_A.woff2)
Source: chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	String found in binary or memory: https://img1.wsimg.com/gfonts/s/lora/v35/0QIhMX1D_JOuMw_LXftLp_A.woff2)
Source: chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	String found in binary or memory: https://img1.wsimg.com/gfonts/s/lora/v35/0QIvMX1D_JOuM2T7I-NP.woff2)
Source: chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	String found in binary or memory: https://img1.wsimg.com/gfonts/s/lora/v35/0QIvMX1D_JOuM3b7I-NP.woff2)
Source: chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	String found in binary or memory: https://img1.wsimg.com/gfonts/s/lora/v35/0QIvMX1D_JOuMw77I-NP.woff2)
Source: chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	String found in binary or memory: https://img1.wsimg.com/gfonts/s/lora/v35/0QIvMX1D_JOuMwT7I-NP.woff2)
Source: chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	String found in binary or memory: https://img1.wsimg.com/gfonts/s/lora/v35/0QIvMX1D_JOuMwX7I-NP.woff2)
Source: chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	String found in binary or memory: https://img1.wsimg.com/gfonts/s/lora/v35/0QIvMX1D_JOuMwf7I-NP.woff2)
Source: chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	String found in binary or memory: https://img1.wsimg.com/gfonts/s/lora/v35/0QIvMX1D_JOuMwr7Iw.woff2)
Source: chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	String found in binary or memory: https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTLYgFE_.woff2)
Source: chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	String found in binary or memory: https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTPYgFE_.woff2)
Source: chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	String found in binary or memory: https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTjYgFE_.woff2)
Source: chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	String found in binary or memory: https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2)
Source: chromecache_158.2.dr	String found in binary or memory: https://img1.wsimg.com/isteam/ip/92eb39f8-1f3b-4fc3-8102-bd3713c8977a/metamask.png
Source: chromecache_140.2.dr, chromecache_134.2.dr, chromecache_122.2.dr, chromecache_164.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	String found in binary or memory: https://img1.wsimg.com/poly/v3/polyfill.min.js?rum=0&unknown=polyfill&flags=gated&features=Intl.~loc
Source: chromecache_122.2.dr	String found in binary or memory: https://matamask-usaklog.godaddysites.com/
Source: chromecache_103.2.dr	String found in binary or memory: https://matamask-usaklog.godaddysites.com/404
Source: chromecache_134.2.dr	String found in binary or memory: https://matamask-usaklog.godaddysites.com/about
Source: chromecache_164.2.dr	String found in binary or memory: https://matamask-usaklog.godaddysites.com/blog
Source: chromecache_164.2.dr	String found in binary or memory: https://matamask-usaklog.godaddysites.com/blog/f.atom
Source: chromecache_164.2.dr	String found in binary or memory: https://matamask-usaklog.godaddysites.com/blog/f.json
Source: chromecache_164.2.dr	String found in binary or memory: https://matamask-usaklog.godaddysites.com/blog/f.rss
Source: chromecache_122.2.dr	String found in binary or memory: https://matamask-usaklog.godaddysites.com/f.atom
Source: chromecache_122.2.dr	String found in binary or memory: https://matamask-usaklog.godaddysites.com/f.json
Source: chromecache_122.2.dr	String found in binary or memory: https://matamask-usaklog.godaddysites.com/f.rss
Source: chromecache_140.2.dr	String found in binary or memory: https://matamask-usaklog.godaddysites.com/lookbook
Source: chromecache_158.2.dr	String found in binary or memory: https://matamask-usaklog.godaddysites.com/privacy-policy
Source: chromecache_99.2.dr	String found in binary or memory: https://matamask-usaklog.godaddysites.com/terms-and-conditions
Source: chromecache_140.2.dr, chromecache_134.2.dr, chromecache_122.2.dr, chromecache_164.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	String found in binary or memory: https://www.godaddy.com/websites/website-builder?isc=pwugc&utm_source=wsb&utm_medium=applica

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 53609
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 53609 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822

Source: classification engine

Classification label: mal76.phis.win@17/118@12/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 --field-trial-handle=2360,i,239639153470750848,14560464751290221293,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://matamask-usaklog.godaddysites.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 --field-trial-handle=2360,i,239639153470750848,14560464751290221293,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://matamask-usaklog.godaddysites.com/	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label
https://matamask-usaklog.godaddysites.com/manifest.webmanifest	100%	Avira URL Cloud	phishing
http://foodnetwork.tumblr.com/rss	0%	Avira URL Cloud	safe
https://matamask-usaklog.godaddysites.com/blog/f.atom	100%	Avira URL Cloud	phishing
https://matamask-usaklog.godaddysites.com/f.atom	100%	Avira URL Cloud	phishing
https://matamask-usaklog.godaddysites.com/f.rss	100%	Avira URL Cloud	phishing
https://matamask-usaklog.godaddysites.com/sw.js	100%	Avira URL Cloud	phishing
https://matamask-usaklog.godaddysites.com/about	100%	Avira URL Cloud	phishing
https://matamask-usaklog.godaddysites.com/lookbook	100%	Avira URL Cloud	phishing
https://matamask-usaklog.godaddysites.com/404	100%	Avira URL Cloud	phishing
https://matamask-usaklog.godaddysites.com/blog/f.json	100%	Avira URL Cloud	phishing
https://matamask-usaklog.godaddysites.com/blog	100%	Avira URL Cloud	phishing
https://matamask-usaklog.godaddysites.com/favicon.ico	100%	Avira URL Cloud	phishing
https://matamask-usaklog.godaddysites.com/terms-and-conditions	100%	Avira URL Cloud	phishing
https://matamask-usaklog.godaddysites.com/privacy-policy	100%	Avira URL Cloud	phishing
https://matamask-usaklog.godaddysites.com/blog/f.rss	100%	Avira URL Cloud	phishing
https://matamask-usaklog.godaddysites.com/f.json	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
matamask-usaklog.godaddysites.com	13.248.243.5	true	true	unknown
www.google.com	142.250.181.228	true	false	high
isteam.wsimg.com	18.197.103.231	true	false	high
img1.wsimg.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://matamask-usaklog.godaddysites.com/	true		unknown
https://matamask-usaklog.godaddysites.com/sw.js	true	Avira URL Cloud: phishing	unknown
https://matamask-usaklog.godaddysites.com/lookbook	true	Avira URL Cloud: phishing	unknown
https://matamask-usaklog.godaddysites.com/about	true	Avira URL Cloud: phishing	unknown
https://matamask-usaklog.godaddysites.com/manifest.webmanifest	true	Avira URL Cloud: phishing	unknown
https://matamask-usaklog.godaddysites.com/blog	true	Avira URL Cloud: phishing	unknown
https://matamask-usaklog.godaddysites.com/favicon.ico	true	Avira URL Cloud: phishing	unknown
https://matamask-usaklog.godaddysites.com/privacy-policy	true	Avira URL Cloud: phishing	unknown
http://matamask-usaklog.godaddysites.com/	true		unknown
https://matamask-usaklog.godaddysites.com/terms-and-conditions	true	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTPYgFE_.woff2)	chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	false		high
https://matamask-usaklog.godaddysites.com/blog/f.json	chromecache_164.2.dr	true	Avira URL Cloud: phishing	unknown
https://matamask-usaklog.godaddysites.com/f.rss	chromecache_122.2.dr	true	Avira URL Cloud: phishing	unknown
http://foodnetwork.tumblr.com/rss	chromecache_145.2.dr, chromecache_110.2.dr	false	Avira URL Cloud: safe	unknown
https://img1.wsimg.com/gfonts/s/lora/v35/0QIvMX1D_JOuMwT7I-NP.woff2)	chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	false		high
https://img1.wsimg.com/gfonts/s/lora/v35/0QIvMX1D_JOuMw77I-NP.woff2)	chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	false		high
https://matamask-usaklog.godaddysites.com/f.atom	chromecache_122.2.dr	true	Avira URL Cloud: phishing	unknown
https://img1.wsimg.com/gfonts/s/lora/v35/0QIvMX1D_JOuMwX7I-NP.woff2)	chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	false		high
https://img1.wsimg.com/gfonts/s/lora/v35/0QIvMX1D_JOuM3b7I-NP.woff2)	chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	false		high
https://matamask-usaklog.godaddysites.com/404	chromecache_103.2.dr	true	Avira URL Cloud: phishing	unknown
https://www.godaddy.com/websites/website-builder?isc=pwugc&utm_source=wsb&utm_medium=applica	chromecache_140.2.dr, chromecache_134.2.dr, chromecache_122.2.dr, chromecache_164.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	false		high
https://img1.wsimg.com/gfonts/s/lora/v35/0QIhMX1D_JOuMw_LIftL.woff2)	chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	false		high
https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTjYgFE_.woff2)	chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	false		high
https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTLYgFE_.woff2)	chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	false		high
https://img1.wsimg.com/gfonts/s/lora/v35/0QIhMX1D_JOuMw_LJftLp_A.woff2)	chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	false		high
https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2)	chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	false		high
https://img1.wsimg.com/gfonts/s/lora/v35/0QIvMX1D_JOuM2T7I-NP.woff2)	chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	false		high
https://img1.wsimg.com/gfonts/s/lora/v35/0QIhMX1D_JOuMw_LT_tLp_A.woff2)	chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	false		high
https://matamask-usaklog.godaddysites.com/blog/f.atom	chromecache_164.2.dr	true	Avira URL Cloud: phishing	unknown
https://img1.wsimg.com/isteam/ip/92eb39f8-1f3b-4fc3-8102-bd3713c8977a/metamask.png	chromecache_158.2.dr	false		high
https://img1.wsimg.com/gfonts/s/lora/v35/0QIhMX1D_JOuMw_LL_tLp_A.woff2)	chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	false		high
https://img1.wsimg.com/gfonts/s/lora/v35/0QIvMX1D_JOuMwf7I-NP.woff2)	chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	false		high
https://github.com/cyrealtype/Lora-Cyrillic)	chromecache_140.2.dr, chromecache_134.2.dr, chromecache_122.2.dr, chromecache_164.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	false		high
https://img1.wsimg.com/gfonts/s/lora/v35/0QIhMX1D_JOuMw_LXftLp_A.woff2)	chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	false		high
https://img1.wsimg.com/gfonts/s/lora/v35/0QIhMX1D_JOuMw_LLvtLp_A.woff2)	chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	false		high
https://img1.wsimg.com/poly/v3/polyfill.min.js?rum=0&unknown=polyfill&flags=gated&features=Intl.~loc	chromecache_140.2.dr, chromecache_134.2.dr, chromecache_122.2.dr, chromecache_164.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	false		high
https://matamask-usaklog.godaddysites.com/f.json	chromecache_122.2.dr	true	Avira URL Cloud: phishing	unknown
https://img1.wsimg.com/gfonts/s/lora/v35/0QIvMX1D_JOuMwr7Iw.woff2)	chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	false		high
http://scripts.sil.org/OFL	chromecache_140.2.dr, chromecache_134.2.dr, chromecache_122.2.dr, chromecache_164.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	false		high
https://img1.wsimg.com/gfonts/s/lora/v35/0QIhMX1D_JOuMw_LLPtLp_A.woff2)	chromecache_140.2.dr, chromecache_134.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	false		high
https://matamask-usaklog.godaddysites.com/blog/f.rss	chromecache_164.2.dr	true	Avira URL Cloud: phishing	unknown
http://jedwatson.github.io/classnames	chromecache_109.2.dr, chromecache_154.2.dr, chromecache_153.2.dr, chromecache_113.2.dr	false		high
https://github.com/clauseggers/Playfair-Display)	chromecache_140.2.dr, chromecache_134.2.dr, chromecache_122.2.dr, chromecache_164.2.dr, chromecache_103.2.dr, chromecache_99.2.dr, chromecache_158.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
18.197.103.231	isteam.wsimg.com	United States	16509	AMAZON-02US	false
13.248.243.5	matamask-usaklog.godaddysites.com	United States	16509	AMAZON-02US	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.181.228	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1589361
Start date and time:	2025-01-12 01:43:03 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://matamask-usaklog.godaddysites.com/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal76.phis.win@17/118@12/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.195, 172.217.23.110, 108.177.15.84, 172.217.16.206, 142.250.186.46, 142.250.186.174, 142.250.185.74, 216.58.206.35, 95.100.110.86, 95.100.110.77, 23.38.98.114, 23.38.98.78, 142.250.186.170, 142.250.185.106, 172.217.16.202, 142.250.185.170, 142.250.184.234, 216.58.206.74, 172.217.18.106, 142.250.186.42, 172.217.18.10, 142.250.186.106, 142.250.185.234, 142.250.185.138, 142.250.186.74, 142.250.185.202, 216.58.212.170, 199.232.214.172, 192.229.221.95, 142.250.186.142, 142.250.185.142, 142.250.185.238, 142.250.185.163, 216.58.206.46, 184.28.90.27, 20.109.210.53, 13.107.246.45
Excluded domains from analysis (whitelisted): fonts.googleapis.com, e40258.g.akamaiedge.net, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, d.8.0.a.e.e.f.b.0.0.0.0.0.0.0.0.5.0.0.0.0.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, global-wildcard.wsimg.com.sni-only.edgekey.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://matamask-usaklog.godaddysites.com/

Input	Output
URL: http://matamask-usaklog.godaddysites.com Model: Joe Sandbox AI	{ "typosquatting": true, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": true, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": true, "third_party_hosting": true }
URL: http://matamask-usaklog.godaddysites.com
URL: https://matamask-usaklog.godaddysites.com/... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The script checks for the presence of certain browser features and, if they are not available, loads a polyfill script from a third-party domain. This is a common practice to ensure compatibility across different browsers and is not inherently malicious. However, the use of `document.write()` to inject the script is considered a legacy practice and could potentially cause issues in some cases." }
"IntersectionObserver"in window&&"Intl"in window&&"Locale"in window.Intl\|\|document.write(`\x3Cscript src="https://img1.wsimg.com/poly/v3/polyfill.min.js?rum=0&unknown=polyfill&flags=gated&features=Intl.~locale.en-US">\x3C/script>`)
URL: https://matamask-usaklog.godaddysites.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "A crypto wallet & gateway to blockchain apps", "prominent_button_name": "MetaMask Login", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://matamask-usaklog.godaddysites.com/ Model: Joe Sandbox AI	{ "brands": [ "Metamask" ] }
	{ "brands": [ "Metamask" ] }
URL: https://matamask-usaklog.godaddysites.com/ Model: Joe Sandbox AI	```json{ "legit_domain": "metamask.io", "classification": "known", "reasons": [ "The brand 'Metamask' is known and its legitimate domain is 'metamask.io'.", "The URL 'matamask-usaklog.godaddysites.com' does not match the legitimate domain.", "The URL contains a misspelling of 'Metamask' as 'matamask', which is a common phishing tactic.", "The use of 'godaddysites.com' as a domain host is suspicious for a known brand like Metamask, which typically uses its own domain.", "The presence of extra words and hyphens in the URL is indicative of phishing." ], "riskscore": 9} Google indexed: False
URL: matamask-usaklog.godaddysites.com Brands: Metamask Input Fields: unknown

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1352)
Category:	dropped
Size (bytes):	1400
Entropy (8bit):	5.307032039583678
Encrypted:	false
SSDEEP:	24:c6BLQZSwXZSUcUxQAQId+06QyyU+bHJRWIFSPhXCoiCUPGyTiKNPR138IHrIYf:j+SwJSxAQ0H0OpwUSPhXCoiCUeuiKNPd
MD5:	5CC6B93D41889C0A55C6C4FCD2D89713
SHA1:	51A59C1DAE337817C4EBAC39FBE61C232705A893
SHA-256:	8671CFDFA128168DB2136D7C17F55BA98DDBA221CDD1ACBBE559D4969280FD51
SHA-512:	8BCAAB1399B6D4D7475C4CF1DC45B0477A9D2AD37578DFCCF23C0C9303716DA1DECD5FBA858D5DD609CB89BCC784E04B72A0D7136BC6EE60DC3EF69CAB977C33
Malicious:	false
Reputation:	low
Preview:	define("@widget/LAYOUT/c/bs-index2-87bd33e6.js",["exports"],(function(t){"use strict";t.a=function(){let t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:"medium";return{"> :nth-child(n)":{marginBottom:t}," > :last-child":{marginBottom:"0 !important"}}},t.b=function(){let t=arguments.length>0&&void 0!==arguments[0]?arguments[0]:"medium";return{"> :nth-child(n)":{marginRight:t}," > :last-child":{marginRight:"0 !important"}}},t.c=function(t){const e=function(t){if("string"!=typeof t\|\|"{"!==t[0])return null;try{return JSON.parse(t)}catch(t){return null}}(t)\|\|{};let n=0;return e.blocks&&e.blocks.forEach((t=>{const e=t.text.length;n+=(global._\|\|guac.lodash).clamp(e,25,Math.max(e,25))})),n},t.g=()=>{const t=document.getElementsByClassName("ux-scaled");let e=1;return t&&t.length>0&&(e=t[0].getAttribute("data-scale")),e},t.r=t=>{let{count:e=0,fontSizeMap:n={},defaultFontSize:r}=t;const i=(global._\|\|guac.lodash).reduce(n,((t,e,n)=>{let[r,i=Number.MAX_VALUE]=e;return t.push({range:[r,i],

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 12, 2025 01:43:59.138870955 CET	53	51497	1.1.1.1	192.168.2.4
Jan 12, 2025 01:43:59.144459963 CET	53	60473	1.1.1.1	192.168.2.4
Jan 12, 2025 01:44:00.261938095 CET	53	63851	1.1.1.1	192.168.2.4
Jan 12, 2025 01:44:02.979710102 CET	63477	53	192.168.2.4	1.1.1.1
Jan 12, 2025 01:44:02.979914904 CET	60404	53	192.168.2.4	1.1.1.1
Jan 12, 2025 01:44:02.986799002 CET	53	60404	1.1.1.1	192.168.2.4
Jan 12, 2025 01:44:02.986839056 CET	53	63477	1.1.1.1	192.168.2.4
Jan 12, 2025 01:44:05.039563894 CET	64256	53	192.168.2.4	1.1.1.1
Jan 12, 2025 01:44:05.039684057 CET	51378	53	192.168.2.4	1.1.1.1
Jan 12, 2025 01:44:05.047821999 CET	53	51378	1.1.1.1	192.168.2.4
Jan 12, 2025 01:44:05.048086882 CET	53	64256	1.1.1.1	192.168.2.4
Jan 12, 2025 01:44:05.531382084 CET	65473	53	192.168.2.4	1.1.1.1
Jan 12, 2025 01:44:05.531675100 CET	58097	53	192.168.2.4	1.1.1.1
Jan 12, 2025 01:44:05.539851904 CET	53	65473	1.1.1.1	192.168.2.4
Jan 12, 2025 01:44:05.541026115 CET	53	58097	1.1.1.1	192.168.2.4
Jan 12, 2025 01:44:06.218492031 CET	49358	53	192.168.2.4	1.1.1.1
Jan 12, 2025 01:44:06.218924999 CET	56031	53	192.168.2.4	1.1.1.1
Jan 12, 2025 01:44:06.223964930 CET	53	55970	1.1.1.1	192.168.2.4
Jan 12, 2025 01:44:06.232981920 CET	61669	53	192.168.2.4	1.1.1.1
Jan 12, 2025 01:44:06.233273029 CET	58065	53	192.168.2.4	1.1.1.1
Jan 12, 2025 01:44:06.240030050 CET	53	61669	1.1.1.1	192.168.2.4
Jan 12, 2025 01:44:06.242283106 CET	53	58065	1.1.1.1	192.168.2.4
Jan 12, 2025 01:44:07.383029938 CET	58505	53	192.168.2.4	1.1.1.1
Jan 12, 2025 01:44:07.383171082 CET	51967	53	192.168.2.4	1.1.1.1
Jan 12, 2025 01:44:07.688632965 CET	53	58922	1.1.1.1	192.168.2.4
Jan 12, 2025 01:44:16.527906895 CET	138	138	192.168.2.4	192.168.2.255
Jan 12, 2025 01:44:17.229969025 CET	53	63344	1.1.1.1	192.168.2.4
Jan 12, 2025 01:44:35.955907106 CET	53	51829	1.1.1.1	192.168.2.4
Jan 12, 2025 01:44:40.417258978 CET	53	63231	162.159.36.2	192.168.2.4
Jan 12, 2025 01:44:41.193984985 CET	53	49946	1.1.1.1	192.168.2.4
Jan 12, 2025 01:44:58.287175894 CET	53	57465	1.1.1.1	192.168.2.4
Jan 12, 2025 01:44:58.330539942 CET	53	59905	1.1.1.1	192.168.2.4

Timestamp	Bytes transferred	Direction	Data
Jan 12, 2025 01:44:05.054744005 CET	448	OUT	GET / HTTP/1.1 Host: matamask-usaklog.godaddysites.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 12, 2025 01:44:05.529083014 CET	359	IN	HTTP/1.1 301 Moved Permanently location: https://matamask-usaklog.godaddysites.com/ vary: Accept-Encoding server: DPS/2.0.0+sha-fcac51d x-version: fcac51d x-siteid: us-east-1 set-cookie: dps_site_id=us-east-1; path=/ etag: 08f3b13aeec424563eb92ec455108c54 date: Sun, 12 Jan 2025 00:44:05 GMT keep-alive: timeout=5 transfer-encoding: chunked Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:44:06 UTC	707	OUT	GET / HTTP/1.1 Host: matamask-usaklog.godaddysites.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: dps_site_id=us-east-1
2025-01-12 00:44:06 UTC	859	IN	HTTP/1.1 200 OK Link: <//img1.wsimg.com/ceph-p3-01/website-builder-data-prod/static/widgets/UX.4.28.12.js>; rel=preload; as=script; crossorigin,<https://fonts.googleapis.com>; rel=preconnect; crossorigin,<https://fonts.gstatic.com>; rel=preconnect; crossorigin,<https://img1.wsimg.com>; rel=preconnect; crossorigin,<https://isteam.wsimg.com>; rel=preconnect; crossorigin Cache-Control: max-age=30 Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.com Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Type: text/html;charset=utf-8 Vary: Accept-Encoding Server: DPS/2.0.0+sha-fcac51d X-Version: fcac51d X-SiteId: us-east-1 Set-Cookie: dps_site_id=us-east-1; path=/; secure ETag: 08f3b13aeec424563eb92ec455108c54 Date: Sun, 12 Jan 2025 00:44:06 GMT Connection: close Transfer-Encoding: chunked
2025-01-12 00:44:06 UTC	15525	IN	Data Raw: 64 64 35 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 74 69 74 6c 65 3e 4d 65 74 f0 9d 93 aa 4d 61 73 6b 20 7c 20 4c 6f 67 69 6e 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 Data Ascii: dd59<!DOCTYPE html><html lang="en-US"><head><meta charSet="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="width=device-width, initial-scale=1"/><title>MetMask \| Login</title><link rel="alternate" type="a
2025-01-12 00:44:06 UTC	16384	IN	Data Raw: 67 2d 6c 65 66 74 3a 31 2e 33 65 6d 7d 2e 78 20 2e 63 31 2d 38 62 20 3e 20 75 6c 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 31 36 70 78 7d 2e 78 20 2e 63 31 2d 38 63 20 3e 20 75 6c 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 31 36 70 78 7d 2e 78 20 2e 63 31 2d 38 64 20 3e 20 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 61 75 74 6f 7d 2e 78 20 2e 63 31 2d 38 65 20 3e 20 75 6c 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 61 75 74 6f 7d 2e 78 20 2e 63 31 2d 38 66 20 3e 20 6f 6c 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 7d 2e 78 20 2e 63 31 2d 38 67 20 3e 20 6f 6c 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 78 20 2e 63 31 2d 38 68 20 3e 20 6f 6c 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 2e 33 65 6d 7d 2e 78 20 2e 63 31 2d 38 69 20 3e 20 6f 6c 7b 6d 61 72 Data Ascii: g-left:1.3em}.x .c1-8b > ul{margin-left:16px}.x .c1-8c > ul{margin-right:16px}.x .c1-8d > ul{margin-top:auto}.x .c1-8e > ul{margin-bottom:auto}.x .c1-8f > ol{text-align:left}.x .c1-8g > ol{display:block}.x .c1-8h > ol{padding-left:1.3em}.x .c1-8i > ol{mar
2025-01-12 00:44:06 UTC	16384	IN	Data Raw: 20 63 31 2d 64 20 63 31 2d 65 20 63 31 2d 66 20 63 31 2d 67 20 63 31 2d 31 20 63 31 2d 32 20 63 31 2d 68 20 63 31 2d 62 20 63 31 2d 63 20 63 31 2d 64 20 63 31 2d 65 20 63 31 2d 66 20 63 31 2d 67 20 63 31 2d 31 20 63 31 2d 32 20 63 31 2d 62 20 63 31 2d 63 20 63 31 2d 64 20 63 31 2d 65 20 63 31 2d 66 20 63 31 2d 67 22 3e 3c 64 69 76 3e 20 3c 73 65 63 74 69 6f 6e 20 64 61 74 61 2d 75 78 3d 22 53 65 63 74 69 6f 6e 22 20 64 61 74 61 2d 61 69 64 3d 22 48 45 41 44 45 52 5f 53 45 43 54 49 4f 4e 22 20 63 6c 61 73 73 3d 22 78 2d 65 6c 20 78 2d 65 6c 2d 73 65 63 74 69 6f 6e 20 63 31 2d 31 20 63 31 2d 32 20 63 31 2d 68 20 63 31 2d 69 20 63 31 2d 6a 20 63 31 2d 6b 20 63 31 2d 6c 20 63 31 2d 62 20 63 31 2d 63 20 63 31 2d 6d 20 63 31 2d 6e 20 63 31 2d 64 20 63 31 2d 65 Data Ascii: c1-d c1-e c1-f c1-g c1-1 c1-2 c1-h c1-b c1-c c1-d c1-e c1-f c1-g c1-1 c1-2 c1-b c1-c c1-d c1-e c1-f c1-g"><div> <section data-ux="Section" data-aid="HEADER_SECTION" class="x-el x-el-section c1-1 c1-2 c1-h c1-i c1-j c1-k c1-l c1-b c1-c c1-m c1-n c1-d c1-e
2025-01-12 00:44:06 UTC	8385	IN	Data Raw: 63 31 2d 63 20 63 31 2d 64 20 63 31 2d 65 20 63 31 2d 66 20 63 31 2d 67 22 3e 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 33 31 2e 39 36 38 20 32 33 48 31 32 2e 30 33 32 63 2d 2e 35 37 20 30 2d 31 2e 30 33 32 2d 2e 34 34 38 2d 31 2e 30 33 32 2d 31 20 30 2d 2e 35 35 33 2e 34 36 32 2d 31 20 31 2e 30 33 32 2d 31 68 31 39 2e 39 33 36 63 2e 35 37 20 30 20 31 2e 30 33 32 2e 34 34 37 20 31 2e 30 33 32 20 31 20 30 20 2e 35 35 32 2d 2e 34 36 32 20 31 2d 31 2e 30 33 32 20 31 22 3e 3c 2f 70 61 74 68 3e 3c 2f 73 76 67 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 73 65 63 74 69 6f 6e 3e 20 20 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 64 3d 22 37 36 61 34 38 Data Ascii: c1-c c1-d c1-e c1-f c1-g"><path fill-rule="evenodd" d="M31.968 23H12.032c-.57 0-1.032-.448-1.032-1 0-.553.462-1 1.032-1h19.936c.57 0 1.032.447 1.032 1 0 .552-.462 1-1.032 1"></path></svg></div></div></div></div></section> </div></div></div><div id="76a48

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:44:12 UTC	653	OUT	GET /favicon.ico HTTP/1.1 Host: matamask-usaklog.godaddysites.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://matamask-usaklog.godaddysites.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: dps_site_id=us-east-1
2025-01-12 00:44:12 UTC	1164	IN	HTTP/1.1 404 Not Found Link: <//img1.wsimg.com/ceph-p3-01/website-builder-data-prod/static/widgets/UX.4.28.12.js>; rel=preload; as=script; crossorigin,<https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/lora/v35/0QIhMX1D_JOuMw_LIftL.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/lora/v35/0QIvMX1D_JOuMwr7Iw.woff2>; rel=preload; as=font; crossorigin,<https://fonts.googleapis.com>; rel=preconnect; crossorigin,<https://fonts.gstatic.com>; rel=preconnect; crossorigin,<https://img1.wsimg.com>; rel=preconnect; crossorigin,<https://isteam.wsimg.com>; rel=preconnect; crossorigin Cache-Control: max-age=30 Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.com Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Type: text/html;charset=utf-8 Vary: Accept-Encoding Server: DPS/2.0.0+sha-fcac51d X-Version: fcac51d X-SiteId: us-east-1 Set-Cookie: dps_site_id=us-east-1; path=/; secure Date: Sun, 12 Jan 2025 00:44:12 GMT Connection: close Transfer-Encoding: chunked
2025-01-12 00:44:12 UTC	15220	IN	Data Raw: 31 31 30 64 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 74 69 74 6c 65 3e 6d 61 74 61 6d 61 73 6b 2d 75 73 61 6b 6c 6f 67 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6d 61 Data Ascii: 110d9<!DOCTYPE html><html lang="en-US"><head><meta charSet="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="width=device-width, initial-scale=1"/><title>matamask-usaklog</title><meta name="author" content="ma
2025-01-12 00:44:12 UTC	16384	IN	Data Raw: 46 41 37 43 2c 20 55 2b 31 46 41 38 30 2d 31 46 41 38 39 2c 20 55 2b 31 46 41 38 46 2d 31 46 41 43 36 2c 20 55 2b 31 46 41 43 45 2d 31 46 41 44 43 2c 20 55 2b 31 46 41 44 46 2d 31 46 41 45 39 2c 20 55 2b 31 46 41 46 30 2d 31 46 41 46 38 2c 20 55 2b 31 46 42 30 30 2d 31 46 42 46 46 3b 0a 7d 0a 2f 2a 20 76 69 65 74 6e 61 6d 65 73 65 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 4c 6f 72 61 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 69 74 61 6c 69 63 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 20 20 66 6f 6e 74 2d 64 69 73 70 6c 61 79 3a 20 73 77 61 70 3b 0a 20 20 73 72 63 3a 20 75 72 6c 28 68 74 74 70 73 3a 2f 2f 69 6d 67 31 2e 77 73 69 6d 67 2e 63 6f 6d 2f 67 66 6f 6e 74 73 Data Ascii: FA7C, U+1FA80-1FA89, U+1FA8F-1FAC6, U+1FACE-1FADC, U+1FADF-1FAE9, U+1FAF0-1FAF8, U+1FB00-1FBFF;}/* vietnamese */@font-face { font-family: 'Lora'; font-style: italic; font-weight: 700; font-display: swap; src: url(https://img1.wsimg.com/gfonts
2025-01-12 00:44:12 UTC	16384	IN	Data Raw: 75 74 6f 7d 2e 78 20 2e 63 31 2d 39 20 3e 20 64 69 76 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 61 75 74 6f 7d 2e 78 20 2e 63 31 2d 61 20 3e 20 64 69 76 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 7d 2e 78 20 2e 63 31 2d 62 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 4c 6f 72 61 2c 20 73 65 72 69 66 7d 2e 78 20 2e 63 31 2d 63 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 78 20 2e 63 31 2d 68 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 28 32 32 2c 20 32 32 2c 20 32 32 29 7d 2e 78 20 2e 63 31 2d 69 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 78 20 2e 63 31 2d 6a 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 30 30 70 78 7d 2e 78 20 2e 63 31 2d 6b 7b 6f 76 65 72 66 6c 6f 77 3a 76 69 73 69 62 6c 65 7d 2e 78 20 Data Ascii: uto}.x .c1-9 > div{margin-bottom:auto}.x .c1-a > div{margin-left:auto}.x .c1-b{font-family:Lora, serif}.x .c1-c{font-size:16px}.x .c1-h{background-color:rgb(22, 22, 22)}.x .c1-i{padding-top:100px}.x .c1-j{padding-bottom:100px}.x .c1-k{overflow:visible}.x
2025-01-12 00:44:12 UTC	16384	IN	Data Raw: 36 20 63 31 2d 33 37 20 63 31 2d 33 38 20 63 31 2d 33 39 20 63 31 2d 33 61 20 63 31 2d 33 62 20 63 31 2d 33 63 20 63 31 2d 33 64 20 63 31 2d 31 79 20 63 31 2d 31 7a 20 63 31 2d 33 65 20 63 31 2d 64 20 63 31 2d 65 20 63 31 2d 66 20 63 31 2d 67 22 20 64 61 74 61 2d 74 63 63 6c 3d 22 75 78 32 2e 48 45 41 44 45 52 2e 68 65 61 64 65 72 39 2e 4e 61 76 2e 44 65 66 61 75 6c 74 2e 4c 69 6e 6b 2e 44 72 6f 70 64 6f 77 6e 2e 38 35 34 38 35 2e 63 6c 69 63 6b 2c 63 6c 69 63 6b 22 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 70 6f 69 6e 74 65 72 2d 65 76 65 6e 74 73 3a 6e 6f 6e 65 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 22 20 64 61 74 61 2d 61 69 64 3d 22 4e 41 56 5f 4d 4f 52 45 22 3e 3c 73 70 61 6e 20 73 74 79 6c 65 3d Data Ascii: 6 c1-37 c1-38 c1-39 c1-3a c1-3b c1-3c c1-3d c1-1y c1-1z c1-3e c1-d c1-e c1-f c1-g" data-tccl="ux2.HEADER.header9.Nav.Default.Link.Dropdown.85485.click,click"><div style="pointer-events:none;display:flex;align-items:center" data-aid="NAV_MORE"><span style=
2025-01-12 00:44:12 UTC	5491	IN	Data Raw: 6c 74 65 72 6e 61 74 65 5c 22 3a 7b 5c 22 66 61 6d 69 6c 79 5c 22 3a 5c 22 4f 70 65 6e 20 53 61 6e 73 2c 20 27 5c 75 42 43 31 34 5c 75 44 30 44 35 27 2c 20 42 61 74 61 6e 67 2c 20 27 5c 75 42 43 31 34 5c 75 44 30 44 35 5c 75 43 43 42 34 27 2c 20 42 61 74 61 6e 67 43 68 65 2c 20 73 65 72 69 66 5c 22 7d 7d 7d 2c 7b 5c 22 6c 6f 63 61 6c 65 73 5c 22 3a 5b 5c 22 74 68 2d 54 48 5c 22 5d 2c 5c 22 6d 65 74 61 5c 22 3a 7b 5c 22 61 6c 74 65 72 6e 61 74 65 5c 22 3a 7b 5c 22 66 61 6d 69 6c 79 5c 22 3a 5c 22 4f 70 65 6e 20 53 61 6e 73 2c 20 4b 72 75 6e 67 74 68 65 70 2c 20 54 68 6f 6e 62 75 72 69 2c 20 54 61 68 6f 6d 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 5c 22 7d 7d 7d 2c 7b 5c 22 6c 6f 63 61 6c 65 73 5c 22 3a 5b 5c 22 7a 68 2d 43 4e 5c 22 2c 5c 22 7a 68 2d 53 47 5c Data Ascii: lternate\":{\"family\":\"Open Sans, '\uBC14\uD0D5', Batang, '\uBC14\uD0D5\uCCB4', BatangChe, serif\"}}},{\"locales\":[\"th-TH\"],\"meta\":{\"alternate\":{\"family\":\"Open Sans, Krungthep, Thonburi, Tahoma, sans-serif\"}}},{\"locales\":[\"zh-CN\",\"zh-SG\

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:44:12 UTC	518	OUT	GET /sw.js HTTP/1.1 Host: matamask-usaklog.godaddysites.com Connection: keep-alive Cache-Control: max-age=0 Accept: / Service-Worker: script Sec-Fetch-Site: same-origin Sec-Fetch-Mode: same-origin Sec-Fetch-Dest: serviceworker Referer: https://matamask-usaklog.godaddysites.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: dps_site_id=us-east-1
2025-01-12 00:44:12 UTC	736	IN	HTTP/1.1 200 OK Link: <https://fonts.googleapis.com>; rel=preconnect; crossorigin,<https://fonts.gstatic.com>; rel=preconnect; crossorigin,<https://img1.wsimg.com>; rel=preconnect; crossorigin,<https://isteam.wsimg.com>; rel=preconnect; crossorigin Cache-Control: max-age=30 Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.com Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Type: application/javascript Vary: Accept-Encoding Server: DPS/2.0.0+sha-fcac51d X-Version: fcac51d X-SiteId: us-east-1 Set-Cookie: dps_site_id=us-east-1; path=/; secure ETag: 9097cccbd2c5c26b75130711c69798b9 Date: Sun, 12 Jan 2025 00:44:12 GMT Connection: close Transfer-Encoding: chunked
2025-01-12 00:44:12 UTC	15648	IN	Data Raw: 38 31 30 39 0d 0a 28 28 29 3d 3e 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 65 3d 7b 38 39 35 3a 28 29 3d 3e 7b 74 72 79 7b 73 65 6c 66 5b 22 77 6f 72 6b 62 6f 78 3a 63 61 63 68 65 61 62 6c 65 2d 72 65 73 70 6f 6e 73 65 3a 36 2e 34 2e 31 22 5d 26 26 5f 28 29 7d 63 61 74 63 68 28 65 29 7b 7d 7d 2c 32 35 39 3a 28 65 2c 74 2c 73 29 3d 3e 7b 73 2e 64 28 74 2c 7b 42 3a 28 29 3d 3e 61 7d 29 2c 73 28 39 31 33 29 3b 63 6c 61 73 73 20 61 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 7b 74 68 69 73 2e 70 72 6f 6d 69 73 65 3d 6e 65 77 20 50 72 6f 6d 69 73 65 28 28 28 65 2c 74 29 3d 3e 7b 74 68 69 73 2e 72 65 73 6f 6c 76 65 3d 65 2c 74 68 69 73 2e 72 65 6a 65 63 74 3d 74 7d 29 29 7d 7d 7d 2c 31 32 35 3a 28 65 2c 74 2c 73 29 3d 3e 7b 73 2e 64 28 74 2c 7b 56 3a Data Ascii: 8109(()=>{"use strict";var e={895:()=>{try{self["workbox:cacheable-response:6.4.1"]&&_()}catch(e){}},259:(e,t,s)=>{s.d(t,{B:()=>a}),s(913);class a{constructor(){this.promise=new Promise(((e,t)=>{this.resolve=e,this.reject=t}))}}},125:(e,t,s)=>{s.d(t,{V:
2025-01-12 00:44:12 UTC	16384	IN	Data Raw: 2c 72 29 2c 72 7d 76 61 72 20 52 3b 52 3d 64 2c 64 3d 7b 2e 2e 2e 52 2c 67 65 74 3a 28 65 2c 74 2c 73 29 3d 3e 5f 28 65 2c 74 29 7c 7c 52 2e 67 65 74 28 65 2c 74 2c 73 29 2c 68 61 73 3a 28 65 2c 74 29 3d 3e 21 21 5f 28 65 2c 74 29 7c 7c 52 2e 68 61 73 28 65 2c 74 29 7d 2c 73 28 35 35 30 29 3b 63 6f 6e 73 74 20 76 3d 22 63 61 63 68 65 2d 65 6e 74 72 69 65 73 22 2c 62 3d 65 3d 3e 7b 63 6f 6e 73 74 20 74 3d 6e 65 77 20 55 52 4c 28 65 2c 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 29 3b 72 65 74 75 72 6e 20 74 2e 68 61 73 68 3d 22 22 2c 74 2e 68 72 65 66 7d 3b 63 6c 61 73 73 20 78 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 65 29 7b 74 68 69 73 2e 5f 64 62 3d 6e 75 6c 6c 2c 74 68 69 73 2e 5f 63 61 63 68 65 4e 61 6d 65 3d 65 7d 5f 75 70 67 72 61 64 65 44 62 28 65 29 7b Data Ascii: ,r),r}var R;R=d,d={...R,get:(e,t,s)=>_(e,t)\|\|R.get(e,t,s),has:(e,t)=>!!_(e,t)\|\|R.has(e,t)},s(550);const v="cache-entries",b=e=>{const t=new URL(e,location.href);return t.hash="",t.href};class x{constructor(e){this._db=null,this._cacheName=e}_upgradeDb(e){
2025-01-12 00:44:12 UTC	1014	IN	Data Raw: 28 28 74 3d 3e 74 2e 74 65 73 74 28 65 2e 68 72 65 66 29 29 29 29 2c 6e 65 77 20 74 2e 4e 65 74 77 6f 72 6b 46 69 72 73 74 28 7b 63 61 63 68 65 4e 61 6d 65 3a 22 6e 65 74 77 6f 72 6b 2d 66 69 72 73 74 22 2c 70 6c 75 67 69 6e 73 3a 5b 6e 65 77 20 61 2e 43 61 63 68 65 61 62 6c 65 52 65 73 70 6f 6e 73 65 50 6c 75 67 69 6e 28 7b 73 74 61 74 75 73 65 73 3a 5b 32 30 30 5d 7d 29 5d 7d 29 29 2c 28 30 2c 65 2e 72 65 67 69 73 74 65 72 52 6f 75 74 65 29 28 28 28 7b 72 65 71 75 65 73 74 3a 65 7d 29 3d 3e 22 73 74 79 6c 65 22 3d 3d 3d 65 2e 64 65 73 74 69 6e 61 74 69 6f 6e 7c 7c 22 73 63 72 69 70 74 22 3d 3d 3d 65 2e 64 65 73 74 69 6e 61 74 69 6f 6e 29 2c 6e 65 77 20 74 2e 53 74 61 6c 65 57 68 69 6c 65 52 65 76 61 6c 69 64 61 74 65 28 7b 63 61 63 68 65 4e 61 6d 65 3a Data Ascii: ((t=>t.test(e.href)))),new t.NetworkFirst({cacheName:"network-first",plugins:[new a.CacheableResponsePlugin({statuses:[200]})]})),(0,e.registerRoute)((({request:e})=>"style"===e.destination\|\|"script"===e.destination),new t.StaleWhileRevalidate({cacheName:

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:44:12 UTC	570	OUT	GET /manifest.webmanifest HTTP/1.1 Host: matamask-usaklog.godaddysites.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: manifest Referer: https://matamask-usaklog.godaddysites.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-12 00:44:12 UTC	739	IN	HTTP/1.1 200 OK Link: <https://fonts.googleapis.com>; rel=preconnect; crossorigin,<https://fonts.gstatic.com>; rel=preconnect; crossorigin,<https://img1.wsimg.com>; rel=preconnect; crossorigin,<https://isteam.wsimg.com>; rel=preconnect; crossorigin Cache-Control: max-age=30 Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.com Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Type: application/manifest+json Vary: Accept-Encoding Server: DPS/2.0.0+sha-fcac51d X-Version: fcac51d X-SiteId: us-east-1 Set-Cookie: dps_site_id=us-east-1; path=/; secure ETag: 97233a98f2d0fd151b130ae44d00a7f9 Date: Sun, 12 Jan 2025 00:44:12 GMT Connection: close Transfer-Encoding: chunked
2025-01-12 00:44:12 UTC	435	IN	Data Raw: 31 61 37 0d 0a 7b 22 73 63 6f 70 65 22 3a 22 2f 22 2c 22 73 74 61 72 74 5f 75 72 6c 22 3a 22 2f 22 2c 22 64 69 73 70 6c 61 79 22 3a 22 73 74 61 6e 64 61 6c 6f 6e 65 22 2c 22 69 63 6f 6e 73 22 3a 5b 7b 22 73 69 7a 65 73 22 3a 22 31 39 32 78 31 39 32 22 2c 22 74 79 70 65 22 3a 22 69 6d 61 67 65 2f 70 6e 67 22 2c 22 73 72 63 22 3a 22 2f 2f 69 6d 67 31 2e 77 73 69 6d 67 2e 63 6f 6d 2f 69 73 74 65 61 6d 2f 69 70 2f 73 74 61 74 69 63 2f 70 77 61 2d 61 70 70 2f 6c 6f 67 6f 2d 64 65 66 61 75 6c 74 2e 70 6e 67 2f 3a 2f 72 73 3d 77 3a 31 39 32 2c 68 3a 31 39 32 2c 6d 22 7d 2c 7b 22 73 69 7a 65 73 22 3a 22 35 31 32 78 35 31 32 22 2c 22 74 79 70 65 22 3a 22 69 6d 61 67 65 2f 70 6e 67 22 2c 22 73 72 63 22 3a 22 2f 2f 69 6d 67 31 2e 77 73 69 6d 67 2e 63 6f 6d 2f 69 73 Data Ascii: 1a7{"scope":"/","start_url":"/","display":"standalone","icons":[{"sizes":"192x192","type":"image/png","src":"//img1.wsimg.com/isteam/ip/static/pwa-app/logo-default.png/:/rs=w:192,h:192,m"},{"sizes":"512x512","type":"image/png","src":"//img1.wsimg.com/is

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:44:13 UTC	510	OUT	GET /privacy-policy HTTP/1.1 Host: matamask-usaklog.godaddysites.com Connection: keep-alive Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://matamask-usaklog.godaddysites.com/sw.js Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: dps_site_id=us-east-1
2025-01-12 00:44:13 UTC	1197	IN	HTTP/1.1 200 OK Link: <//img1.wsimg.com/ceph-p3-01/website-builder-data-prod/static/widgets/UX.4.28.12.js>; rel=preload; as=script; crossorigin,<https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/lora/v35/0QIhMX1D_JOuMw_LIftL.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/lora/v35/0QIvMX1D_JOuMwr7Iw.woff2>; rel=preload; as=font; crossorigin,<https://fonts.googleapis.com>; rel=preconnect; crossorigin,<https://fonts.gstatic.com>; rel=preconnect; crossorigin,<https://img1.wsimg.com>; rel=preconnect; crossorigin,<https://isteam.wsimg.com>; rel=preconnect; crossorigin Cache-Control: max-age=30 Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.com Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Type: text/html;charset=utf-8 Vary: Accept-Encoding Server: DPS/2.0.0+sha-fcac51d X-Version: fcac51d X-SiteId: us-east-1 Set-Cookie: dps_site_id=us-east-1; path=/; secure ETag: 42bf4eaff47c46170d366fe393b0f43e Date: Sun, 12 Jan 2025 00:44:13 GMT Connection: close Transfer-Encoding: chunked
2025-01-12 00:44:13 UTC	15187	IN	Data Raw: 31 30 63 66 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 74 69 74 6c 65 3e 6d 61 74 61 6d 61 73 6b 2d 75 73 61 6b 6c 6f 67 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6d 61 Data Ascii: 10cf6<!DOCTYPE html><html lang="en-US"><head><meta charSet="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="width=device-width, initial-scale=1"/><title>matamask-usaklog</title><meta name="author" content="ma
2025-01-12 00:44:13 UTC	16384	IN	Data Raw: 2c 20 55 2b 31 46 39 39 36 2c 20 55 2b 31 46 39 45 39 2c 20 55 2b 31 46 41 30 30 2d 31 46 41 36 46 2c 20 55 2b 31 46 41 37 30 2d 31 46 41 37 43 2c 20 55 2b 31 46 41 38 30 2d 31 46 41 38 39 2c 20 55 2b 31 46 41 38 46 2d 31 46 41 43 36 2c 20 55 2b 31 46 41 43 45 2d 31 46 41 44 43 2c 20 55 2b 31 46 41 44 46 2d 31 46 41 45 39 2c 20 55 2b 31 46 41 46 30 2d 31 46 41 46 38 2c 20 55 2b 31 46 42 30 30 2d 31 46 42 46 46 3b 0a 7d 0a 2f 2a 20 76 69 65 74 6e 61 6d 65 73 65 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 4c 6f 72 61 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 69 74 61 6c 69 63 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 20 20 66 6f 6e 74 2d 64 69 73 70 6c 61 79 3a 20 73 77 Data Ascii: , U+1F996, U+1F9E9, U+1FA00-1FA6F, U+1FA70-1FA7C, U+1FA80-1FA89, U+1FA8F-1FAC6, U+1FACE-1FADC, U+1FADF-1FAE9, U+1FAF0-1FAF8, U+1FB00-1FBFF;}/* vietnamese */@font-face { font-family: 'Lora'; font-style: italic; font-weight: 700; font-display: sw
2025-01-12 00:44:13 UTC	16384	IN	Data Raw: 61 72 67 69 6e 2d 74 6f 70 3a 61 75 74 6f 7d 2e 78 20 2e 63 31 2d 38 20 3e 20 64 69 76 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 78 20 2e 63 31 2d 39 20 3e 20 64 69 76 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 61 75 74 6f 7d 2e 78 20 2e 63 31 2d 61 20 3e 20 64 69 76 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 7d 2e 78 20 2e 63 31 2d 62 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 4c 6f 72 61 2c 20 73 65 72 69 66 7d 2e 78 20 2e 63 31 2d 63 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 78 20 2e 63 31 2d 68 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 28 32 32 2c 20 32 32 2c 20 32 32 29 7d 2e 78 20 2e 63 31 2d 69 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 78 20 2e 63 31 2d 6a 7b 70 61 64 64 69 6e Data Ascii: argin-top:auto}.x .c1-8 > div{margin-right:auto}.x .c1-9 > div{margin-bottom:auto}.x .c1-a > div{margin-left:auto}.x .c1-b{font-family:Lora, serif}.x .c1-c{font-size:16px}.x .c1-h{background-color:rgb(22, 22, 22)}.x .c1-i{padding-top:100px}.x .c1-j{paddin
2025-01-12 00:44:13 UTC	16384	IN	Data Raw: 6c 69 63 6b 22 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 70 6f 69 6e 74 65 72 2d 65 76 65 6e 74 73 3a 6e 6f 6e 65 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 22 20 64 61 74 61 2d 61 69 64 3d 22 4e 41 56 5f 4d 4f 52 45 22 3e 3c 73 70 61 6e 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 34 70 78 22 3e 4d 6f 72 65 3c 2f 73 70 61 6e 3e 3c 73 76 67 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 34 20 32 34 22 20 66 69 6c 6c 3d 22 63 75 72 72 65 6e 74 43 6f 6c 6f 72 22 20 77 69 64 74 68 3d 22 31 36 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 64 61 74 61 2d 75 78 3d 22 49 63 6f 6e 22 20 63 6c 61 73 73 3d 22 78 2d 65 6c 20 78 2d 65 6c 2d 73 76 67 20 63 31 2d 33 66 20 63 31 2d 31 73 20 63 31 2d 33 67 20 Data Ascii: lick"><div style="pointer-events:none;display:flex;align-items:center" data-aid="NAV_MORE"><span style="margin-right:4px">More</span><svg viewBox="0 0 24 24" fill="currentColor" width="16" height="16" data-ux="Icon" class="x-el x-el-svg c1-3f c1-1s c1-3g
2025-01-12 00:44:13 UTC	4529	IN	Data Raw: 3a 5c 22 50 6c 61 79 66 61 69 72 20 44 69 73 70 6c 61 79 2c 20 27 5c 75 43 35 36 30 5c 75 44 35 30 43 5c 75 41 43 45 30 5c 75 42 35 31 35 27 2c 20 41 70 70 6c 65 20 53 44 20 47 6f 74 68 69 63 20 4e 65 6f 2c 20 27 5c 75 43 35 36 30 5c 75 44 35 30 43 5c 75 41 43 45 30 5c 75 42 35 31 35 27 2c 20 41 70 70 6c 65 47 6f 74 68 69 63 2c 20 73 61 6e 73 2d 73 65 72 69 66 5c 22 7d 7d 7d 2c 7b 5c 22 6c 6f 63 61 6c 65 73 5c 22 3a 5b 5c 22 74 68 2d 54 48 5c 22 5d 2c 5c 22 6d 65 74 61 5c 22 3a 7b 5c 22 70 72 69 6d 61 72 79 5c 22 3a 7b 5c 22 66 61 6d 69 6c 79 5c 22 3a 5c 22 50 6c 61 79 66 61 69 72 20 44 69 73 70 6c 61 79 2c 20 54 68 6f 6e 62 75 72 69 2c 20 54 61 68 6f 6d 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 5c 22 7d 7d 7d 2c 7b 5c 22 6c 6f 63 61 6c 65 73 5c 22 3a 5b 5c Data Ascii: :\"Playfair Display, '\uC560\uD50C\uACE0\uB515', Apple SD Gothic Neo, '\uC560\uD50C\uACE0\uB515', AppleGothic, sans-serif\"}}},{\"locales\":[\"th-TH\"],\"meta\":{\"primary\":{\"family\":\"Playfair Display, Thonburi, Tahoma, sans-serif\"}}},{\"locales\":[\

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:44:13 UTC	501	OUT	GET /about HTTP/1.1 Host: matamask-usaklog.godaddysites.com Connection: keep-alive Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://matamask-usaklog.godaddysites.com/sw.js Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: dps_site_id=us-east-1
2025-01-12 00:44:14 UTC	1197	IN	HTTP/1.1 200 OK Link: <//img1.wsimg.com/ceph-p3-01/website-builder-data-prod/static/widgets/UX.4.28.12.js>; rel=preload; as=script; crossorigin,<https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/lora/v35/0QIhMX1D_JOuMw_LIftL.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/lora/v35/0QIvMX1D_JOuMwr7Iw.woff2>; rel=preload; as=font; crossorigin,<https://fonts.googleapis.com>; rel=preconnect; crossorigin,<https://fonts.gstatic.com>; rel=preconnect; crossorigin,<https://img1.wsimg.com>; rel=preconnect; crossorigin,<https://isteam.wsimg.com>; rel=preconnect; crossorigin Cache-Control: max-age=30 Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.com Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Type: text/html;charset=utf-8 Vary: Accept-Encoding Server: DPS/2.0.0+sha-fcac51d X-Version: fcac51d X-SiteId: us-east-1 Set-Cookie: dps_site_id=us-east-1; path=/; secure ETag: d0c2496731703662e4a9e410d7363d71 Date: Sun, 12 Jan 2025 00:44:13 GMT Connection: close Transfer-Encoding: chunked
2025-01-12 00:44:14 UTC	15187	IN	Data Raw: 31 32 35 66 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 74 69 74 6c 65 3e 6d 61 74 61 6d 61 73 6b 2d 75 73 61 6b 6c 6f 67 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6d 61 Data Ascii: 125f5<!DOCTYPE html><html lang="en-US"><head><meta charSet="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="width=device-width, initial-scale=1"/><title>matamask-usaklog</title><meta name="author" content="ma
2025-01-12 00:44:14 UTC	16384	IN	Data Raw: 2c 20 55 2b 31 46 39 45 39 2c 20 55 2b 31 46 41 30 30 2d 31 46 41 36 46 2c 20 55 2b 31 46 41 37 30 2d 31 46 41 37 43 2c 20 55 2b 31 46 41 38 30 2d 31 46 41 38 39 2c 20 55 2b 31 46 41 38 46 2d 31 46 41 43 36 2c 20 55 2b 31 46 41 43 45 2d 31 46 41 44 43 2c 20 55 2b 31 46 41 44 46 2d 31 46 41 45 39 2c 20 55 2b 31 46 41 46 30 2d 31 46 41 46 38 2c 20 55 2b 31 46 42 30 30 2d 31 46 42 46 46 3b 0a 7d 0a 2f 2a 20 76 69 65 74 6e 61 6d 65 73 65 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 4c 6f 72 61 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 69 74 61 6c 69 63 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 20 20 66 6f 6e 74 2d 64 69 73 70 6c 61 79 3a 20 73 77 61 70 3b 0a 20 20 73 72 63 Data Ascii: , U+1F9E9, U+1FA00-1FA6F, U+1FA70-1FA7C, U+1FA80-1FA89, U+1FA8F-1FAC6, U+1FACE-1FADC, U+1FADF-1FAE9, U+1FAF0-1FAF8, U+1FB00-1FBFF;}/* vietnamese */@font-face { font-family: 'Lora'; font-style: italic; font-weight: 700; font-display: swap; src
2025-01-12 00:44:14 UTC	16384	IN	Data Raw: 3a 61 75 74 6f 7d 2e 78 20 2e 63 31 2d 38 20 3e 20 64 69 76 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 78 20 2e 63 31 2d 39 20 3e 20 64 69 76 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 61 75 74 6f 7d 2e 78 20 2e 63 31 2d 61 20 3e 20 64 69 76 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 7d 2e 78 20 2e 63 31 2d 62 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 4c 6f 72 61 2c 20 73 65 72 69 66 7d 2e 78 20 2e 63 31 2d 63 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 78 20 2e 63 31 2d 68 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 28 32 32 2c 20 32 32 2c 20 32 32 29 7d 2e 78 20 2e 63 31 2d 69 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 78 20 2e 63 31 2d 6a 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a Data Ascii: :auto}.x .c1-8 > div{margin-right:auto}.x .c1-9 > div{margin-bottom:auto}.x .c1-a > div{margin-left:auto}.x .c1-b{font-family:Lora, serif}.x .c1-c{font-size:16px}.x .c1-h{background-color:rgb(22, 22, 22)}.x .c1-i{padding-top:100px}.x .c1-j{padding-bottom:
2025-01-12 00:44:14 UTC	16384	IN	Data Raw: 63 6f 6e 22 20 68 72 65 66 3d 22 23 22 20 64 61 74 61 2d 74 79 70 6f 67 72 61 70 68 79 3d 22 4c 69 6e 6b 41 6c 70 68 61 22 20 63 6c 61 73 73 3d 22 78 2d 65 6c 20 78 2d 65 6c 2d 61 20 63 31 2d 31 64 20 63 31 2d 31 65 20 63 31 2d 31 66 20 63 31 2d 31 67 20 63 31 2d 31 68 20 63 31 2d 31 33 20 63 31 2d 31 69 20 63 31 2d 31 31 20 63 31 2d 31 6a 20 63 31 2d 31 6b 20 63 31 2d 31 6c 20 63 31 2d 31 6d 20 63 31 2d 31 6e 20 63 31 2d 31 6f 20 63 31 2d 62 20 63 31 2d 63 20 63 31 2d 31 70 20 63 31 2d 31 71 20 63 31 2d 31 72 20 63 31 2d 64 20 63 31 2d 31 39 20 63 31 2d 65 20 63 31 2d 66 20 63 31 2d 67 22 20 64 61 74 61 2d 74 63 63 6c 3d 22 75 78 32 2e 48 45 41 44 45 52 2e 68 65 61 64 65 72 39 2e 53 65 63 74 69 6f 6e 2e 44 65 66 61 75 6c 74 2e 4c 69 6e 6b 2e 44 72 6f 70 Data Ascii: con" href="#" data-typography="LinkAlpha" class="x-el x-el-a c1-1d c1-1e c1-1f c1-1g c1-1h c1-13 c1-1i c1-11 c1-1j c1-1k c1-1l c1-1m c1-1n c1-1o c1-b c1-c c1-1p c1-1q c1-1r c1-d c1-19 c1-e c1-f c1-g" data-tccl="ux2.HEADER.header9.Section.Default.Link.Drop
2025-01-12 00:44:14 UTC	10928	IN	Data Raw: 2d 64 20 63 31 2d 65 20 63 31 2d 66 20 63 31 2d 67 22 3e 3c 64 69 76 20 64 61 74 61 2d 75 78 3d 22 42 6c 6f 63 6b 22 20 63 6c 61 73 73 3d 22 78 2d 65 6c 20 78 2d 65 6c 2d 64 69 76 20 63 31 2d 31 20 63 31 2d 32 20 63 31 2d 62 20 63 31 2d 63 20 63 31 2d 64 20 63 31 2d 65 20 63 31 2d 66 20 63 31 2d 67 22 3e 3c 64 69 76 20 64 61 74 61 2d 75 78 3d 22 49 6e 70 75 74 46 6c 6f 61 74 4c 61 62 65 6c 22 20 74 79 70 65 3d 22 74 65 78 74 22 20 64 61 74 61 2d 61 69 64 3d 22 43 4f 4e 54 41 43 54 5f 46 4f 52 4d 5f 4e 41 4d 45 22 20 63 6c 61 73 73 3d 22 78 2d 65 6c 20 78 2d 65 6c 2d 64 69 76 20 63 31 2d 31 20 63 31 2d 32 20 63 31 2d 71 20 63 31 2d 62 20 63 31 2d 63 20 63 31 2d 64 20 63 31 2d 65 20 63 31 2d 66 20 63 31 2d 67 22 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 Data Ascii: -d c1-e c1-f c1-g"><div data-ux="Block" class="x-el x-el-div c1-1 c1-2 c1-b c1-c c1-d c1-e c1-f c1-g"><div data-ux="InputFloatLabel" type="text" data-aid="CONTACT_FORM_NAME" class="x-el x-el-div c1-1 c1-2 c1-q c1-b c1-c c1-d c1-e c1-f c1-g"><input type="t

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:44:14 UTC	500	OUT	GET /blog HTTP/1.1 Host: matamask-usaklog.godaddysites.com Connection: keep-alive Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://matamask-usaklog.godaddysites.com/sw.js Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: dps_site_id=us-east-1
2025-01-12 00:44:14 UTC	859	IN	HTTP/1.1 200 OK Link: <//img1.wsimg.com/ceph-p3-01/website-builder-data-prod/static/widgets/UX.4.28.12.js>; rel=preload; as=script; crossorigin,<https://fonts.googleapis.com>; rel=preconnect; crossorigin,<https://fonts.gstatic.com>; rel=preconnect; crossorigin,<https://img1.wsimg.com>; rel=preconnect; crossorigin,<https://isteam.wsimg.com>; rel=preconnect; crossorigin Cache-Control: max-age=30 Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.com Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Type: text/html;charset=utf-8 Vary: Accept-Encoding Server: DPS/2.0.0+sha-fcac51d X-Version: fcac51d X-SiteId: us-east-1 Set-Cookie: dps_site_id=us-east-1; path=/; secure ETag: 5c4484956fa61d937f1d3b1e82295360 Date: Sun, 12 Jan 2025 00:44:14 GMT Connection: close Transfer-Encoding: chunked
2025-01-12 00:44:14 UTC	15525	IN	Data Raw: 38 62 66 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 74 69 74 6c 65 3e 6d 61 74 61 6d 61 73 6b 2d 75 73 61 6b 6c 6f 67 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c Data Ascii: 8bf1<!DOCTYPE html><html lang="en-US"><head><meta charSet="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="width=device-width, initial-scale=1"/><title>matamask-usaklog</title><link rel="alternate" type="appl
2025-01-12 00:44:14 UTC	16384	IN	Data Raw: 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 31 30 32 34 70 78 29 7b 2e 78 20 2e 63 31 2d 32 63 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 31 30 32 34 70 78 29 7b 2e 78 20 2e 63 31 2d 32 64 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 31 30 32 34 70 78 29 7b 2e 78 20 2e 63 31 2d 32 65 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 30 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 31 30 32 34 70 78 29 7b 2e 78 20 2e 63 31 2d 32 66 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 31 30 32 34 70 78 29 7b 2e 78 20 2e 63 31 2d 32 69 7b 64 69 73 70 6c 61 Data Ascii: ia (min-width: 1024px){.x .c1-2c{margin-top:0}}@media (min-width: 1024px){.x .c1-2d{margin-right:auto}}@media (min-width: 1024px){.x .c1-2e{margin-bottom:0}}@media (min-width: 1024px){.x .c1-2f{margin-left:auto}}@media (min-width: 1024px){.x .c1-2i{displa
2025-01-12 00:44:14 UTC	3929	IN	Data Raw: 66 20 63 31 2d 67 22 3e 3c 64 69 76 20 64 61 74 61 2d 75 78 3d 22 47 72 69 64 43 65 6c 6c 22 20 63 6c 61 73 73 3d 22 78 2d 65 6c 20 78 2d 65 6c 2d 64 69 76 20 63 31 2d 31 20 63 31 2d 32 20 63 31 2d 36 63 20 63 31 2d 36 66 20 63 31 2d 36 67 20 63 31 2d 36 68 20 63 31 2d 32 38 20 63 31 2d 32 67 20 63 31 2d 31 62 20 63 31 2d 32 68 20 63 31 2d 31 63 20 63 31 2d 62 20 63 31 2d 63 20 63 31 2d 64 20 63 31 2d 36 69 20 63 31 2d 36 6a 20 63 31 2d 65 20 63 31 2d 66 20 63 31 2d 67 22 3e 3c 64 69 76 20 64 61 74 61 2d 75 78 3d 22 46 6f 6f 74 65 72 44 65 74 61 69 6c 73 22 20 64 61 74 61 2d 61 69 64 3d 22 46 4f 4f 54 45 52 5f 43 4f 50 59 52 49 47 48 54 5f 52 45 4e 44 45 52 45 44 22 20 64 61 74 61 2d 74 79 70 6f 67 72 61 70 68 79 3d 22 44 65 74 61 69 6c 73 41 6c 70 68 61 Data Ascii: f c1-g"><div data-ux="GridCell" class="x-el x-el-div c1-1 c1-2 c1-6c c1-6f c1-6g c1-6h c1-28 c1-2g c1-1b c1-2h c1-1c c1-b c1-c c1-d c1-6i c1-6j c1-e c1-f c1-g"><div data-ux="FooterDetails" data-aid="FOOTER_COPYRIGHT_RENDERED" data-typography="DetailsAlpha

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:44:15 UTC	516	OUT	GET /terms-and-conditions HTTP/1.1 Host: matamask-usaklog.godaddysites.com Connection: keep-alive Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://matamask-usaklog.godaddysites.com/sw.js Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: dps_site_id=us-east-1
2025-01-12 00:44:15 UTC	1197	IN	HTTP/1.1 200 OK Link: <//img1.wsimg.com/ceph-p3-01/website-builder-data-prod/static/widgets/UX.4.28.12.js>; rel=preload; as=script; crossorigin,<https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/lora/v35/0QIhMX1D_JOuMw_LIftL.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/lora/v35/0QIvMX1D_JOuMwr7Iw.woff2>; rel=preload; as=font; crossorigin,<https://fonts.googleapis.com>; rel=preconnect; crossorigin,<https://fonts.gstatic.com>; rel=preconnect; crossorigin,<https://img1.wsimg.com>; rel=preconnect; crossorigin,<https://isteam.wsimg.com>; rel=preconnect; crossorigin Cache-Control: max-age=30 Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.com Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Type: text/html;charset=utf-8 Vary: Accept-Encoding Server: DPS/2.0.0+sha-fcac51d X-Version: fcac51d X-SiteId: us-east-1 Set-Cookie: dps_site_id=us-east-1; path=/; secure ETag: 46ca5fdaedf44a79f86edb0d1ad54741 Date: Sun, 12 Jan 2025 00:44:15 GMT Connection: close Transfer-Encoding: chunked
2025-01-12 00:44:15 UTC	15187	IN	Data Raw: 31 30 39 36 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 74 69 74 6c 65 3e 6d 61 74 61 6d 61 73 6b 2d 75 73 61 6b 6c 6f 67 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6d 61 Data Ascii: 1096f<!DOCTYPE html><html lang="en-US"><head><meta charSet="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="width=device-width, initial-scale=1"/><title>matamask-usaklog</title><meta name="author" content="ma
2025-01-12 00:44:15 UTC	16384	IN	Data Raw: 2b 31 46 39 38 34 2c 20 55 2b 31 46 39 39 36 2c 20 55 2b 31 46 39 45 39 2c 20 55 2b 31 46 41 30 30 2d 31 46 41 36 46 2c 20 55 2b 31 46 41 37 30 2d 31 46 41 37 43 2c 20 55 2b 31 46 41 38 30 2d 31 46 41 38 39 2c 20 55 2b 31 46 41 38 46 2d 31 46 41 43 36 2c 20 55 2b 31 46 41 43 45 2d 31 46 41 44 43 2c 20 55 2b 31 46 41 44 46 2d 31 46 41 45 39 2c 20 55 2b 31 46 41 46 30 2d 31 46 41 46 38 2c 20 55 2b 31 46 42 30 30 2d 31 46 42 46 46 3b 0a 7d 0a 2f 2a 20 76 69 65 74 6e 61 6d 65 73 65 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 4c 6f 72 61 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 69 74 61 6c 69 63 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 20 20 66 6f 6e 74 2d 64 69 73 70 6c Data Ascii: +1F984, U+1F996, U+1F9E9, U+1FA00-1FA6F, U+1FA70-1FA7C, U+1FA80-1FA89, U+1FA8F-1FAC6, U+1FACE-1FADC, U+1FADF-1FAE9, U+1FAF0-1FAF8, U+1FB00-1FBFF;}/* vietnamese */@font-face { font-family: 'Lora'; font-style: italic; font-weight: 700; font-displ
2025-01-12 00:44:15 UTC	16384	IN	Data Raw: 20 64 69 76 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 61 75 74 6f 7d 2e 78 20 2e 63 31 2d 38 20 3e 20 64 69 76 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 78 20 2e 63 31 2d 39 20 3e 20 64 69 76 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 61 75 74 6f 7d 2e 78 20 2e 63 31 2d 61 20 3e 20 64 69 76 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 7d 2e 78 20 2e 63 31 2d 62 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 4c 6f 72 61 2c 20 73 65 72 69 66 7d 2e 78 20 2e 63 31 2d 63 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 78 20 2e 63 31 2d 68 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 28 32 32 2c 20 32 32 2c 20 32 32 29 7d 2e 78 20 2e 63 31 2d 69 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 78 20 2e 63 31 2d 6a 7b Data Ascii: div{margin-top:auto}.x .c1-8 > div{margin-right:auto}.x .c1-9 > div{margin-bottom:auto}.x .c1-a > div{margin-left:auto}.x .c1-b{font-family:Lora, serif}.x .c1-c{font-size:16px}.x .c1-h{background-color:rgb(22, 22, 22)}.x .c1-i{padding-top:100px}.x .c1-j{
2025-01-12 00:44:15 UTC	16384	IN	Data Raw: 4d 6f 72 65 4d 65 6e 75 4c 69 6e 6b 22 20 74 61 72 67 65 74 3d 22 22 20 64 61 74 61 2d 70 61 67 65 3d 22 63 64 33 63 37 61 37 33 2d 31 39 34 34 2d 34 61 31 31 2d 39 66 32 64 2d 32 33 35 65 37 66 31 38 62 62 33 34 22 20 64 61 74 61 2d 65 64 69 74 2d 69 6e 74 65 72 61 63 74 69 76 65 3d 22 74 72 75 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 6c 65 64 62 79 3d 22 6d 6f 72 65 2d 38 35 35 30 31 22 20 68 72 65 66 3d 22 2f 22 20 64 61 74 61 2d 74 79 70 6f 67 72 61 70 68 79 3d 22 4e 61 76 41 6c 70 68 61 22 20 63 6c 61 73 73 3d 22 78 2d 65 6c 20 78 2d 65 6c 2d 61 20 63 31 2d 32 79 20 63 31 2d 32 20 63 31 2d 31 66 20 63 31 2d 31 67 20 63 31 2d 31 68 20 63 31 2d 31 73 20 63 31 2d 31 69 20 63 31 2d 31 31 20 63 31 2d 71 20 63 31 2d 34 62 20 63 31 2d 34 63 20 63 31 2d 34 64 Data Ascii: MoreMenuLink" target="" data-page="cd3c7a73-1944-4a11-9f2d-235e7f18bb34" data-edit-interactive="true" aria-labelledby="more-85501" href="/" data-typography="NavAlpha" class="x-el x-el-a c1-2y c1-2 c1-1f c1-1g c1-1h c1-1s c1-1i c1-11 c1-q c1-4b c1-4c c1-4d
2025-01-12 00:44:15 UTC	3626	IN	Data Raw: 6f 72 65 2e 75 74 69 6c 73 2e 64 65 66 65 72 42 6f 6f 74 73 74 72 61 70 28 7b 65 6c 49 64 3a 27 62 73 2d 31 27 2c 63 6f 6d 70 6f 6e 65 6e 74 4e 61 6d 65 3a 27 40 77 69 64 67 65 74 2f 4c 41 59 4f 55 54 2f 62 73 2d 48 61 6d 62 75 72 67 65 72 2d 43 6f 6d 70 6f 6e 65 6e 74 27 2c 70 72 6f 70 73 3a 4a 53 4f 4e 2e 70 61 72 73 65 28 22 7b 5c 22 74 6f 67 67 6c 65 49 64 5c 22 3a 5c 22 6e 2d 38 35 34 39 35 2d 6e 61 76 49 64 2d 6d 6f 62 69 6c 65 5c 22 2c 5c 22 75 6e 69 71 75 65 49 64 5c 22 3a 5c 22 6e 2d 38 35 34 39 35 5c 22 2c 5c 22 73 74 79 6c 65 5c 22 3a 7b 5c 22 63 6f 6c 6f 72 5c 22 3a 5c 22 68 69 67 68 43 6f 6e 74 72 61 73 74 5c 22 2c 5c 22 3a 68 6f 76 65 72 5c 22 3a 7b 5c 22 63 6f 6c 6f 72 5c 22 3a 5c 22 68 69 67 68 6c 69 67 68 74 5c 22 7d 2c 5c 22 40 6d 64 5c Data Ascii: ore.utils.deferBootstrap({elId:'bs-1',componentName:'@widget/LAYOUT/bs-Hamburger-Component',props:JSON.parse("{\"toggleId\":\"n-85495-navId-mobile\",\"uniqueId\":\"n-85495\",\"style\":{\"color\":\"highContrast\",\":hover\":{\"color\":\"highlight\"},\"@md\

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (33033), with no line terminators
Category:	downloaded
Size (bytes):	33033
Entropy (8bit):	5.236777100676369
Encrypted:	false
SSDEEP:	768:8QMz7Xi7utc79QusIPgexnKnPxPC7JWU/VHeLNsiQk/c4ur2McV2xdnGYeCjWQT7:si79wq0xPCFWsHuCleZ0j/TsmU2
MD5:	9097CCCBD2C5C26B75130711C69798B9
SHA1:	1B6044F26FF92980A125D552F8D3D6A424AAF3CA
SHA-256:	3DE5F512686FFDC8711B0D54A46BA38BAA7190FF50937C8733990B5817CB039E
SHA-512:	F3EA32F2F5BC7F1CB770257DE7CACE68DE57ED377E0DBA74792F3208A4E35C1160899E68D3861F5FFDF75D5E100089436E5AA672DDA5259041609116A5F91DD9
Malicious:	false
Reputation:	low
URL:	https://matamask-usaklog.godaddysites.com/sw.js
Preview:	(()=>{"use strict";var e={895:()=>{try{self["workbox:cacheable-response:6.4.1"]&&_()}catch(e){}},259:(e,t,s)=>{s.d(t,{B:()=>a}),s(913);class a{constructor(){this.promise=new Promise(((e,t)=>{this.resolve=e,this.reject=t}))}}},125:(e,t,s)=>{s.d(t,{V:()=>a}),s(913);class a extends Error{constructor(e,t){super(((e,...t)=>{let s=e;return t.length>0&&(s+=` :: ${JSON.stringify(t)}`),s})(e,t)),this.name=e,this.details=t}}},524:(e,t,s)=>{s.d(t,{h:()=>a}),s(125),s(913);const a=null},594:(e,t,s)=>{function a(e,t){const s=new URL(e);for(const e of t)s.searchParams.delete(e);return s.href}async function n(e,t,s,n){const r=a(t.url,s);if(t.url===r)return e.match(t,n);const i=Object.assign(Object.assign({},n),{ignoreSearch:!0}),c=await e.keys(t,i);for(const t of c)if(r===a(t.url,s))return e.match(t,n)}s.d(t,{F:()=>n}),s(913)},536:(e,t,s)=>{s.d(t,{x:()=>r}),s(913);const a={googleAnalytics:"googleAnalytics",precache:"precache-v2",prefix:"workbox",runtime:"runtime",suffix:"undefined"!=typeof registratio

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 40780, version 1.0
Category:	downloaded
Size (bytes):	40780
Entropy (8bit):	7.994447977794676
Encrypted:	true
SSDEEP:	768:K44yiPLpoujI01GhxWWIIUzpAapX8ngv1TkFnJLEUQeyFbsWgqv6:K4tSLyuj/1mO7zHOgvYdQbs5qv6
MD5:	F0F2581E01EE5B7385817251BDD58982
SHA1:	B3D6B3E87DAA05D92CCB0F1E2229C6D01DBEB7E5
SHA-256:	E6264C4BA08112A29ACAC88951C292C15123E5DE2F38EA8E6B7B86FD8BEF7C08
SHA-512:	20DD633BB5B20EC8BC3CEFB7E0E6C8DC785615734155C0A707CCBA94230A2C5110E3184DC23EBCF1662DBCF24E455B5C8A7417D45BE786C300F872A3ADCE0C85
Malicious:	false
Reputation:	low
URL:	https://img1.wsimg.com/gfonts/s/lora/v35/0QIhMX1D_JOuMw_LIftL.woff2
Preview:	wOF2.......L......5t..................................D..`?HVAR...`?STATn.../D.....t..Q..6.0..p.6.$..h. .......[Q.q.O6..6..z.>...-.\.f.....U.cV....?. ..?/...i..).....m.EX.HA&DR.D.[..d.=....mA[...=.......By.4.v8. 3!.l^T..@...&....^8i.2.Le..9.../@.m.x..?.u.;.I..]~..5.cnw.o.4w.@.'s..LI.....i.7..K...1.....e....%=........f....y.:4..e..rx. ...P.........[1F.G..a.-n....+F.#..Uh..#.#..Ga.Omx~n../../..a.F,.....6%Fb.QuzF]`...z.uwzz..^`....UB.x.Tel.9...[1..T!..{p.^..@..Wb.2.X.8....=...o%; r..H%.d.-..hLmUu."..U..gzz..n.l.e.,....w>.eG..o.............G.3.if...C...1[.k.-&mE....#\.a..9.C.H......DD.v.!""vl. b.]r....b.]....3.w..)...9..R...V.vA].j..-....~..A+8.z....l...tWh.a..as...U...-..v......i.4....s.@...-.G3bx.u........oO....8....4v...f.......].`..w.8.....3...!..;..pw.\..D.o..s.-.pB.B~^..h..C.R.3..\|...XtK^.Lp.."..O?.y......>D.I2....#1\|.Q..t.9...S.}...JQ.{.Bm...Z..t.H......U......9_%..n...}.Z...)...........d2..>..U....H.]...9..zC.Y.w...!30YD[.+b....<.

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:44:16 UTC	496	OUT	GET / HTTP/1.1 Host: matamask-usaklog.godaddysites.com Connection: keep-alive Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://matamask-usaklog.godaddysites.com/sw.js Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: dps_site_id=us-east-1
2025-01-12 00:44:16 UTC	859	IN	HTTP/1.1 200 OK Link: <//img1.wsimg.com/ceph-p3-01/website-builder-data-prod/static/widgets/UX.4.28.12.js>; rel=preload; as=script; crossorigin,<https://fonts.googleapis.com>; rel=preconnect; crossorigin,<https://fonts.gstatic.com>; rel=preconnect; crossorigin,<https://img1.wsimg.com>; rel=preconnect; crossorigin,<https://isteam.wsimg.com>; rel=preconnect; crossorigin Cache-Control: max-age=30 Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.com Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Type: text/html;charset=utf-8 Vary: Accept-Encoding Server: DPS/2.0.0+sha-fcac51d X-Version: fcac51d X-SiteId: us-east-1 Set-Cookie: dps_site_id=us-east-1; path=/; secure ETag: 08f3b13aeec424563eb92ec455108c54 Date: Sun, 12 Jan 2025 00:44:16 GMT Connection: close Transfer-Encoding: chunked
2025-01-12 00:44:16 UTC	15525	IN	Data Raw: 64 64 35 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 74 69 74 6c 65 3e 4d 65 74 f0 9d 93 aa 4d 61 73 6b 20 7c 20 4c 6f 67 69 6e 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 Data Ascii: dd59<!DOCTYPE html><html lang="en-US"><head><meta charSet="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="width=device-width, initial-scale=1"/><title>MetMask \| Login</title><link rel="alternate" type="a
2025-01-12 00:44:16 UTC	16384	IN	Data Raw: 67 2d 6c 65 66 74 3a 31 2e 33 65 6d 7d 2e 78 20 2e 63 31 2d 38 62 20 3e 20 75 6c 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 31 36 70 78 7d 2e 78 20 2e 63 31 2d 38 63 20 3e 20 75 6c 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 31 36 70 78 7d 2e 78 20 2e 63 31 2d 38 64 20 3e 20 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 61 75 74 6f 7d 2e 78 20 2e 63 31 2d 38 65 20 3e 20 75 6c 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 61 75 74 6f 7d 2e 78 20 2e 63 31 2d 38 66 20 3e 20 6f 6c 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 7d 2e 78 20 2e 63 31 2d 38 67 20 3e 20 6f 6c 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 78 20 2e 63 31 2d 38 68 20 3e 20 6f 6c 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 2e 33 65 6d 7d 2e 78 20 2e 63 31 2d 38 69 20 3e 20 6f 6c 7b 6d 61 72 Data Ascii: g-left:1.3em}.x .c1-8b > ul{margin-left:16px}.x .c1-8c > ul{margin-right:16px}.x .c1-8d > ul{margin-top:auto}.x .c1-8e > ul{margin-bottom:auto}.x .c1-8f > ol{text-align:left}.x .c1-8g > ol{display:block}.x .c1-8h > ol{padding-left:1.3em}.x .c1-8i > ol{mar
2025-01-12 00:44:16 UTC	16384	IN	Data Raw: 20 63 31 2d 64 20 63 31 2d 65 20 63 31 2d 66 20 63 31 2d 67 20 63 31 2d 31 20 63 31 2d 32 20 63 31 2d 68 20 63 31 2d 62 20 63 31 2d 63 20 63 31 2d 64 20 63 31 2d 65 20 63 31 2d 66 20 63 31 2d 67 20 63 31 2d 31 20 63 31 2d 32 20 63 31 2d 62 20 63 31 2d 63 20 63 31 2d 64 20 63 31 2d 65 20 63 31 2d 66 20 63 31 2d 67 22 3e 3c 64 69 76 3e 20 3c 73 65 63 74 69 6f 6e 20 64 61 74 61 2d 75 78 3d 22 53 65 63 74 69 6f 6e 22 20 64 61 74 61 2d 61 69 64 3d 22 48 45 41 44 45 52 5f 53 45 43 54 49 4f 4e 22 20 63 6c 61 73 73 3d 22 78 2d 65 6c 20 78 2d 65 6c 2d 73 65 63 74 69 6f 6e 20 63 31 2d 31 20 63 31 2d 32 20 63 31 2d 68 20 63 31 2d 69 20 63 31 2d 6a 20 63 31 2d 6b 20 63 31 2d 6c 20 63 31 2d 62 20 63 31 2d 63 20 63 31 2d 6d 20 63 31 2d 6e 20 63 31 2d 64 20 63 31 2d 65 Data Ascii: c1-d c1-e c1-f c1-g c1-1 c1-2 c1-h c1-b c1-c c1-d c1-e c1-f c1-g c1-1 c1-2 c1-b c1-c c1-d c1-e c1-f c1-g"><div> <section data-ux="Section" data-aid="HEADER_SECTION" class="x-el x-el-section c1-1 c1-2 c1-h c1-i c1-j c1-k c1-l c1-b c1-c c1-m c1-n c1-d c1-e
2025-01-12 00:44:16 UTC	8385	IN	Data Raw: 63 31 2d 63 20 63 31 2d 64 20 63 31 2d 65 20 63 31 2d 66 20 63 31 2d 67 22 3e 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 33 31 2e 39 36 38 20 32 33 48 31 32 2e 30 33 32 63 2d 2e 35 37 20 30 2d 31 2e 30 33 32 2d 2e 34 34 38 2d 31 2e 30 33 32 2d 31 20 30 2d 2e 35 35 33 2e 34 36 32 2d 31 20 31 2e 30 33 32 2d 31 68 31 39 2e 39 33 36 63 2e 35 37 20 30 20 31 2e 30 33 32 2e 34 34 37 20 31 2e 30 33 32 20 31 20 30 20 2e 35 35 32 2d 2e 34 36 32 20 31 2d 31 2e 30 33 32 20 31 22 3e 3c 2f 70 61 74 68 3e 3c 2f 73 76 67 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 73 65 63 74 69 6f 6e 3e 20 20 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 64 3d 22 37 36 61 34 38 Data Ascii: c1-c c1-d c1-e c1-f c1-g"><path fill-rule="evenodd" d="M31.968 23H12.032c-.57 0-1.032-.448-1.032-1 0-.553.462-1 1.032-1h19.936c.57 0 1.032.447 1.032 1 0 .552-.462 1-1.032 1"></path></svg></div></div></div></div></section> </div></div></div><div id="76a48

Timestamp	Bytes transferred	Direction	Data
2025-01-12 00:44:16 UTC	504	OUT	GET /lookbook HTTP/1.1 Host: matamask-usaklog.godaddysites.com Connection: keep-alive Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://matamask-usaklog.godaddysites.com/sw.js Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: dps_site_id=us-east-1
2025-01-12 00:44:17 UTC	1197	IN	HTTP/1.1 200 OK Link: <//img1.wsimg.com/ceph-p3-01/website-builder-data-prod/static/widgets/UX.4.28.12.js>; rel=preload; as=script; crossorigin,<https://img1.wsimg.com/gfonts/s/playfairdisplay/v37/nuFiD-vYSZviVYUb_rj3ij__anPXDTzYgA.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/lora/v35/0QIhMX1D_JOuMw_LIftL.woff2>; rel=preload; as=font; crossorigin,<https://img1.wsimg.com/gfonts/s/lora/v35/0QIvMX1D_JOuMwr7Iw.woff2>; rel=preload; as=font; crossorigin,<https://fonts.googleapis.com>; rel=preconnect; crossorigin,<https://fonts.gstatic.com>; rel=preconnect; crossorigin,<https://img1.wsimg.com>; rel=preconnect; crossorigin,<https://isteam.wsimg.com>; rel=preconnect; crossorigin Cache-Control: max-age=30 Content-Security-Policy: frame-ancestors 'self' godaddy.com *.godaddy.com Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Type: text/html;charset=utf-8 Vary: Accept-Encoding Server: DPS/2.0.0+sha-fcac51d X-Version: fcac51d X-SiteId: us-east-1 Set-Cookie: dps_site_id=us-east-1; path=/; secure ETag: ea7fd835d2a4be3d97d9fc7e5f7fe035 Date: Sun, 12 Jan 2025 00:44:17 GMT Connection: close Transfer-Encoding: chunked
2025-01-12 00:44:17 UTC	15187	IN	Data Raw: 31 30 65 38 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 3c 74 69 74 6c 65 3e 6d 61 74 61 6d 61 73 6b 2d 75 73 61 6b 6c 6f 67 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6d 61 Data Ascii: 10e8e<!DOCTYPE html><html lang="en-US"><head><meta charSet="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="width=device-width, initial-scale=1"/><title>matamask-usaklog</title><meta name="author" content="ma
2025-01-12 00:44:17 UTC	16384	IN	Data Raw: 39 39 36 2c 20 55 2b 31 46 39 45 39 2c 20 55 2b 31 46 41 30 30 2d 31 46 41 36 46 2c 20 55 2b 31 46 41 37 30 2d 31 46 41 37 43 2c 20 55 2b 31 46 41 38 30 2d 31 46 41 38 39 2c 20 55 2b 31 46 41 38 46 2d 31 46 41 43 36 2c 20 55 2b 31 46 41 43 45 2d 31 46 41 44 43 2c 20 55 2b 31 46 41 44 46 2d 31 46 41 45 39 2c 20 55 2b 31 46 41 46 30 2d 31 46 41 46 38 2c 20 55 2b 31 46 42 30 30 2d 31 46 42 46 46 3b 0a 7d 0a 2f 2a 20 76 69 65 74 6e 61 6d 65 73 65 20 2a 2f 0a 40 66 6f 6e 74 2d 66 61 63 65 20 7b 0a 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 4c 6f 72 61 27 3b 0a 20 20 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 69 74 61 6c 69 63 3b 0a 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 20 20 66 6f 6e 74 2d 64 69 73 70 6c 61 79 3a 20 73 77 61 70 3b 0a 20 20 Data Ascii: 996, U+1F9E9, U+1FA00-1FA6F, U+1FA70-1FA7C, U+1FA80-1FA89, U+1FA8F-1FAC6, U+1FACE-1FADC, U+1FADF-1FAE9, U+1FAF0-1FAF8, U+1FB00-1FBFF;}/* vietnamese */@font-face { font-family: 'Lora'; font-style: italic; font-weight: 700; font-display: swap;
2025-01-12 00:44:17 UTC	16384	IN	Data Raw: 74 6f 70 3a 61 75 74 6f 7d 2e 78 20 2e 63 31 2d 38 20 3e 20 64 69 76 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 7d 2e 78 20 2e 63 31 2d 39 20 3e 20 64 69 76 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 61 75 74 6f 7d 2e 78 20 2e 63 31 2d 61 20 3e 20 64 69 76 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 7d 2e 78 20 2e 63 31 2d 62 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 4c 6f 72 61 2c 20 73 65 72 69 66 7d 2e 78 20 2e 63 31 2d 63 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 7d 2e 78 20 2e 63 31 2d 68 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 28 32 32 2c 20 32 32 2c 20 32 32 29 7d 2e 78 20 2e 63 31 2d 69 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 78 20 2e 63 31 2d 6a 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 Data Ascii: top:auto}.x .c1-8 > div{margin-right:auto}.x .c1-9 > div{margin-bottom:auto}.x .c1-a > div{margin-left:auto}.x .c1-b{font-family:Lora, serif}.x .c1-c{font-size:16px}.x .c1-h{background-color:rgb(22, 22, 22)}.x .c1-i{padding-top:100px}.x .c1-j{padding-bott
2025-01-12 00:44:17 UTC	16384	IN	Data Raw: 2e 30 36 31 2e 36 39 39 2e 36 39 39 20 30 20 30 20 31 20 31 2e 30 31 37 20 30 6c 36 2e 34 33 33 20 36 2e 37 31 33 20 36 2e 38 36 38 2d 36 2e 37 34 35 61 2e 36 39 38 2e 36 39 38 20 30 20 30 20 31 20 31 2e 30 31 36 2e 30 33 32 22 3e 3c 2f 70 61 74 68 3e 3c 2f 73 76 67 3e 3c 2f 64 69 76 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 75 6c 20 64 61 74 61 2d 75 78 3d 22 4e 61 76 44 72 6f 70 64 6f 77 6e 22 20 72 6f 6c 65 3d 22 6d 65 6e 75 22 20 69 64 3d 22 6d 6f 72 65 2d 31 34 32 39 35 30 22 20 63 6c 61 73 73 3d 22 78 2d 65 6c 20 78 2d 65 6c 2d 75 6c 20 63 31 2d 31 20 63 31 2d 32 20 63 31 2d 33 6e 20 63 31 2d 33 6f 20 63 31 2d 68 20 63 31 2d 72 20 63 31 2d 73 20 63 31 2d 33 70 20 63 31 2d 33 71 20 63 31 2d 33 72 20 63 31 2d 33 73 20 63 31 2d 33 74 20 63 31 2d 32 75 20 63 Data Ascii: .061.699.699 0 0 1 1.017 0l6.433 6.713 6.868-6.745a.698.698 0 0 1 1.016.032"></path></svg></div></a></div><ul data-ux="NavDropdown" role="menu" id="more-142950" class="x-el x-el-ul c1-1 c1-2 c1-3n c1-3o c1-h c1-r c1-s c1-3p c1-3q c1-3r c1-3s c1-3t c1-2u c
2025-01-12 00:44:17 UTC	4937	IN	Data Raw: 78 2d 65 6c 2d 69 6d 67 20 63 31 2d 31 20 63 31 2d 32 20 63 31 2d 34 20 63 31 2d 32 38 20 63 31 2d 32 36 20 63 31 2d 32 37 20 63 31 2d 31 34 20 63 31 2d 31 36 20 63 31 2d 33 6d 20 63 31 2d 36 70 20 63 31 2d 31 69 20 63 31 2d 36 6d 20 63 31 2d 36 6e 20 63 31 2d 36 6f 20 63 31 2d 33 66 20 63 31 2d 36 71 20 63 31 2d 62 20 63 31 2d 63 20 63 31 2d 64 20 63 31 2d 65 20 63 31 2d 66 20 63 31 2d 67 22 2f 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 73 65 63 74 69 6f 6e 3e 20 20 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 64 3d 22 39 35 32 39 65 38 30 63 2d 31 37 61 61 2d 34 62 37 65 2d 62 39 65 66 2d 62 38 63 38 32 33 38 34 65 65 33 37 22 20 63 6c Data Ascii: x-el-img c1-1 c1-2 c1-4 c1-28 c1-26 c1-27 c1-14 c1-16 c1-3m c1-6p c1-1i c1-6m c1-6n c1-6o c1-3f c1-6q c1-b c1-c c1-d c1-e c1-f c1-g"/></div></div></div></div></div></div></div></section> </div></div></div><div id="9529e80c-17aa-4b7e-b9ef-b8c82384ee37" cl

Target ID:	0
Start time:	19:43:55
Start date:	11/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	19:43:57
Start date:	11/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 --field-trial-handle=2360,i,239639153470750848,14560464751290221293,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	19:44:04
Start date:	11/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://matamask-usaklog.godaddysites.com/"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://matamask-usaklog.godaddysites.com/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 100

Chrome Cache Entry: 101

Chrome Cache Entry: 102

Chrome Cache Entry: 103

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 115

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 121

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 126

Windows Analysis Report
http://matamask-usaklog.godaddysites.com/

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre